Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim...

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network.

Windows Kerberos Denial of Service Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so th...

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to ...

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server (or ac...