Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.