Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
Microsoft Defender for IoT Elevation of Privilege Vulnerability
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
Windows AppX Deployment Service Elevation of Privilege Vulnerability
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
Storage Spaces Controller Elevation of Privilege Vulnerability
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210.
Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.
NTFS Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows NTFS Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Storage Spaces Controller Elevation of Privilege Vulnerability
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
NT OS Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junctionāpoint DLL injection.Ā This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Windows Kernel Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior toĀ 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT AUTHORITY\SYSTEM inside a directory under the control of the local user (C:\Users\%USER%\AppData\Local\Temp\). An attacker who can place symbolic links or otherwise influence filenames in that directory can cause the service to follow the link and write to arbitrary filesystem locations as SYSTEM. This allows a local, unprivileged user to overwrite or create files as SYSTEM, leading to local privilege escalation and the ability to modify configuration files, replace or inject binaries, or otherwise compromise confidentiality, integrity, and availability of the system.Ā This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
Open Management Infrastructure Elevation of Privilege Vulnerability
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by lowāprivileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from userāwritable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Windows Telephony Server Elevation of Privilege Vulnerability
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Windows CD-ROM Driver Elevation of Privilege Vulnerability
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.