Kategorie: Allgemein

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Improper neutralization of special elements used in a command (‚command injection‘) in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.