FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Storage Spaces Controller Elevation of Privilege Vulnerability
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
Storage Spaces Controller Elevation of Privilege Vulnerability
Storage Spaces Controller Elevation of Privilege Vulnerability
Storage Spaces Controller Elevation of Privilege Vulnerability
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.
Windows Registry Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Filtering Platform Elevation of Privilege Vulnerability
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
Windows HTTP.sys Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Sysmain Service Elevation of Privilege Vulnerability
Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
Windows Partition Management Driver Elevation of Privilege Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
Windows Graphics Component Elevation of Privilege Vulnerability
GDI+ Remote Code Execution Vulnerability
Windows NT OS Kernel Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability."
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864.
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3865.