Allgemein – Seite 529

CVE-2025-36350 AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for…
Weiterlesen

CVE-2025-49725 Windows Notification Elevation of Privilege Vulnerability

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.

CVE-2025-36357 AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for…
Weiterlesen

CVE-2025-49714 Visual Studio Code Python Extension Remote Code Execution Vulnerability

Trust boundary violation in Visual Studio Code – Python extension allows an unauthorized attacker to execute code locally.

CVE-2025-48815 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Access of resource using incompatible type (‚type confusion‘) in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

CVE-2025-47987 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

CVE-2025-49661 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2025-49674 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability

CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.

CVE-2025-49737 Microsoft Teams Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Microsoft Teams allows an authorized attacker to elevate privileges locally.

Kategorie: Allgemein