| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup() used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup, allowing crafted input to make parsing hang for an arbitrarily long time. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. |
| Improper neutralization of special elements used in a command ('command injection') in Outlook Copilot allows an authorized attacker to perform tampering over a network. |
| Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network. |
| Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
| Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network. |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Use of uninitialized resource in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. |
| Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally. |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network. |
| Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |