Windows Kernel Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Windows Container Manager Service Elevation of Privilege Vulnerability
Windows InstallService Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Microsoft splwow64 Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
Storage Spaces Direct Elevation of Privilege Vulnerability
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Windows Common Log File System Driver Elevation of Privilege Vulnerability
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Storage Spaces Direct Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.
Windows Error Reporting Service Elevation of Privilege Vulnerability
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental.
Windows Kernel Elevation of Privilege Vulnerability
NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.
Windows GDI Elevation of Privilege Vulnerability
Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction.
Windows Defender Credential Guard Elevation of Privilege Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Windows Authentication Elevation of Privilege Vulnerability
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows USB Print Driver Elevation of Privilege Vulnerability
Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability