VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Azure Active Directory Pod Identity Spoofing Vulnerability
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Active Template Library Elevation of Privilege Vulnerability
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Windows Event Logging Service Elevation of Privilege Vulnerability
Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.
Windows Media Center Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
Bot Framework SDK Information Disclosure Vulnerability
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
Windows Multipoint Management Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior 8.7).
Windows Print Spooler Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key
Windows WLAN Service Elevation of Privilege Vulnerability
TPM Device Driver Information Disclosure Vulnerability
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
Windows CSC Service Elevation of Privilege Vulnerability
NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows (modem.sys) Information Disclosure Vulnerability
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.
Windows WalletService Elevation of Privilege Vulnerability
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Windows Update Stack Setup Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key
Windows Container Manager Service Elevation of Privilege Vulnerability
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
Windows Win32k Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.