| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over an adjacent network. |
| Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network. |
| Use after free in Windows Brokering File System allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally. |
| Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally. |
| Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally. |
| Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
| Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |