Autor: Peter Leibling

Trust boundary violation in Visual Studio Code – Python extension allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Microsoft Teams allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‚type confusion‘) in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Angreifer können unter anderem SAP NetWeaver-Produkte und Business Objects attackieren. Sicherheitsupdates stehen zum Download bereit.

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Siemens TIA Portal ausnutzen, um einen Denial of Service Angriff durchzuführen.