| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality. |
| Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
| Memory corruption due to global buffer overflow when a test command uses an invalid payload type. |
| Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing. |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
| NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, NanaZip has an out-of-bounds heap read in `.NET Single File` bundle header parser due to missing bounds check. Opening a crafted file with NanaZip causes a crash or leaks heap data to the user. Version 6.0.1630.0 patches the issue. |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
