Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Search Remote Code Execution Vulnerability

Windows Kernel Security Feature Bypass Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

Windows Clip Service Elevation of Privilege Vulnerability

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0

Windows Runtime Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Windows Projected File System Elevation of Privilege Vulnerability

Windows Clip Service Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

Windows Network Load Balancing Remote Code Execution Vulnerability

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Windows Bus Filter Driver Elevation of Privilege Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Backup Service Elevation of Privilege Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability