Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.