Azure CycleCloud Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
Windows Hyper-V Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.
Microsoft Defender for IoT Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.</p> <p>An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.</p>
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.</p>
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network.
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
Microsoft Exchange Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
Azure Site Recovery Remote Code Execution Vulnerability
ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.
Microsoft Exchange Server Remote Code Execution Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
Use after free in RPC Runtime allows an authorized attacker to execute code over a network.
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper input validation in Power BI allows an authorized attacker to execute code over a network.