ZDI-24-1018: Linux Kernel io_uring Buffer List Race Condition Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code...
ZDI-24-975: Microsoft Excel FBX File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that...
ZDI-24-976: Microsoft Office PowerPoint GLB File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in...
ZDI-24-977: Microsoft Office Excel XLW File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in...
ZDI-24-978: Microsoft PC Manager Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain the ability to execute low-privileged...
ZDI-24-979: Microsoft Office Visio DXF File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in...
ZDI-24-980: Microsoft Azure Machine Learning Forecasting Toolkit azuremlftkrelease Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Forecasting Toolkit for Microsoft Azure. Authentication is not required to exploit this...
ZDI-24-981: Microsoft Azure Machine Learning Notebooks azuremlpackages Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Azure Machine Learning Notebooks for Microsoft Azure. Authentication is not required to...
ZDI-24-982: Microsoft Azure SQL Workshop azuremlsampleexperiments Uncontrolled Search Path Element Vulnerability
This vulnerability allows remote attackers to manipulate sample datasets on affected installations of SQL Workshop for Microsoft Azure. Authentication is not required to exploit this...
ZDI-24-983: Microsoft Azure Go Labs microsoftgoproxy Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Go Labs for Microsoft Azure. Authentication is not required to exploit this...