Windows ALPC Elevation of Privilege Vulnerability
Windows NT OS Kernel Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
Windows ALPC Elevation of Privilege Vulnerability
Windows ALPC Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Performance Counters for Windows Elevation of Privilege Vulnerability
Windows PlayToManager Elevation of Privilege Vulnerability
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).
Windows Print Spooler Elevation of Privilege Vulnerability
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability
Windows.Devices.Picker.dll Elevation of Privilege Vulnerability
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
Windows StateRepository API Server file Elevation of Privilege Vulnerability
Windows System Launcher Elevation of Privilege Vulnerability
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Accounts Control Elevation of Privilege Vulnerability
Clipboard User Service Elevation of Privilege Vulnerability
Windows AppContracts API Server Elevation of Privilege Vulnerability
Windows Application Model Core API Elevation of Privilege Vulnerability
Windows Devices Human Interface Elevation of Privilege Vulnerability
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
Tile Data Repository Elevation of Privilege Vulnerability
Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows UI Immersive Server API Elevation of Privilege Vulnerability
Windows Storage Elevation of Privilege Vulnerability
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7.
Windows Event Tracing Elevation of Privilege Vulnerability
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.12; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.9; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.4; Cortex XDR agent 7.3 versions earlier than Cortex XDR agent 7.3.2.
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
Microsoft Word Remote Code Execution Vulnerability
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).