Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.
Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network.
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally.