Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.