Autor: Peter Leibling

Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.

Improper neutralization of input during web page generation (‚cross-site scripting‘) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.