Autor: Peter Leibling

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Ivanti Avalanche ausnutzen, um beliebigen Programmcode auszuführen.

Ein Angreifer kann mehrere Schwachstellen in Ivanti Connect Secure und Ivanti Policy Secure ausnutzen, um einen Denial of Service Angriff durchzuführen und um vertrauliche Informationen offenzulegen.

Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‚type confusion‘) in Windows Message Queuing allows an authorized attacker to execute code over a network.