Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.
Sysinternals PsExec Elevation of Privilege Vulnerability
Microsoft Defender Remote Code Execution Vulnerability
Windows Installer Elevation of Privilege Vulnerability
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Azure Active Directory Pod Identity Spoofing Vulnerability
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Active Template Library Elevation of Privilege Vulnerability
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Windows Event Logging Service Elevation of Privilege Vulnerability
Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.
Windows Media Center Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
Bot Framework SDK Information Disclosure Vulnerability
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
Windows Multipoint Management Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).
Windows Print Spooler Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key
Windows WLAN Service Elevation of Privilege Vulnerability
TPM Device Driver Information Disclosure Vulnerability
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
Windows CSC Service Elevation of Privilege Vulnerability
NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
Windows Shell Remote Code Execution Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows (modem.sys) Information Disclosure Vulnerability
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.
Windows WalletService Elevation of Privilege Vulnerability
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Windows Update Stack Setup Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability