Buffer Overflow in the entry handler of the TraceEvent() system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
Use after free in Graphics Kernel allows an authorized attacker to elevate privileges locally.
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NO...
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally.
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.
Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.
Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Origin validation error in Windows Network Address Translation (NAT) allows an unauthorized attacker to perform spoofing over an adjacent network.
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.