Autor: Peter Leibling

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.