Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Azure Connected Machine Agent Elevation of Privilege Vulnerability
NTFS Elevation of Privilege Vulnerability
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Visual Studio Elevation of Privilege Vulnerability
NTFS Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows CD-ROM Driver Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Azure CycleCloud Remote Code Execution Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
GDI Elevation of Privilege Vulnerability
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.
An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.
Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Windows PDEV Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Named Pipe File System Elevation of Privilege Vulnerability
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.
Windows Installer Elevation of Privilege Vulnerability
Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.
Windows Registry Elevation of Privilege Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.
Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.