Windows CSC Service Elevation of Privilege Vulnerability
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally.
Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access.
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
Windows Win32k Elevation of Privilege Vulnerability
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication
MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files.
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Windows Backup Service Elevation of Privilege Vulnerability
VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.
Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
Windows Kernel Elevation of Privilege Vulnerability
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability.
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.