#microsoft

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to execute code locally.

Dependency on vulnerable third-party component in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally.

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.