An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.

Windows MSHTML Platform Remote Code Execution Vulnerability

Windows GPSVC Elevation of Privilege Vulnerability

Windows HTML Platforms Security Feature Bypass Vulnerability

Windows Remote Desktop Services Denial of Service Vulnerability

Kerberos AppContainer Security Feature Bypass Vulnerability

Scripting Engine Memory Corruption Vulnerability

Windows NTLM Elevation of Privilege Vulnerability

Windows NTFS Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Filter Manager Elevation of Privilege Vulnerability

Windows DCOM Server Security Feature Bypass

Windows Print Spooler Remote Code Execution Vulnerability

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

OLE Automation Remote Code Execution Vulnerability

Windows SSDP Service Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Microsoft Bluetooth Driver Spoofing Vulnerability