Tianze Ding

Name of the Vulnerable Software and Affected Versions: Windows NTLM (affected versions not specified) Description: Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to insufficient access controls in Microsoft Exchange Server, which can be exploited by a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 91.0.4472.77 **Description** The issue is related to insufficient policy enforcement in the Content Security Policy component of Google Chrome, allowing a remote attacker to bypass content security policy via a specially crafted HTML page. This could potentially impact data integrity. **Recommendations** For versions prior to 91.0.4472.77, update to version 91.0.4472.77 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted HTML pages to minimize the risk of exploitation.