Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.
Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.