CVE

Windows Bluetooth Driver Remote Code Execution Vulnerability

Windows Kernel Denial of Service Vulnerability

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default.

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets.

Microsoft Outlook for Mac Spoofing Vulnerability

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

Windows DNS Spoofing Vulnerability

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability