Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.
Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Windows Print Spooler Elevation of Privilege Vulnerability
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.