Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p> <p>To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.</p> <p>The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.</p>
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
.NET and Visual Studio Remote Code Execution Vulnerability
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
Azure DevOps Server Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge for Android (Chromium-based) Tampering Vulnerability
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
Internet Shortcut Files Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
BitLocker Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Visual Studio Remote Code Execution Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Code Integrity Guard Security Feature Bypass Vulnerability
Windows Scripting Engine Security Feature Bypass Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
Windows SmartScreen Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
Microsoft Publisher Security Feature Bypass Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability
Windows Package Library Manager Information Disclosure Vulnerability
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
BitLocker Security Feature Bypass Vulnerability
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) may not be blocked, whether hypervisor-protected code integrity (HVCI) is enabled or not. NOTE: The vendor disputes this CVE ID assignment and states that the driver blocklist is intended for use with HVCI.
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.