A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component.
Windows Print Spooler Elevation of Privilege Vulnerability
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
Windows PDEV Elevation of Privilege Vulnerability
Named Pipe File System Elevation of Privilege Vulnerability
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Fax Service Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Storage Elevation of Privilege Vulnerability
FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Windows Installer Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Virtual Machine IDE Drive Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Tile Data Repository Elevation of Privilege Vulnerability
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
Windows TCP/IP Driver Elevation of Privilege Vulnerability
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges.
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556.
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.