| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| 7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched and NTFS canonicalizes it to the same stream, overwriting the propagated Internet-zone marker with ZoneId=0. A second STM record named '::$DATA' overwrites the extracted file's default data stream, letting an attacker defeat SmartScreen/MotW warnings and spoof file content. |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. |
| Heap-based buffer overflow in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network. |
| Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network. |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. |
| Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network. |
| Use after free in Windows Virtual Filtering Platform (VFP) allows an authorized attacker to deny service over a network. |
| Untrusted pointer dereference in Windows Domain Controller allows an unauthorized attacker to deny service over a network. |
| Buffer over-read in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. |
| Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. |
| Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. |
| Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. |
| Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. |
| Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) |
| Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
| Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally. |