A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component.
Win32k Elevation of Privilege Vulnerability
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Windows Error Reporting Service Elevation of Privilege Vulnerability
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
Azure DevOps Server Remote Code Execution Vulnerability
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Windows Graphics Component Elevation of Privilege Vulnerability
Xbox Live Save Service Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
Windows Hyper-V Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Microsoft Office Graphics Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Windows Search Service Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Projected File System Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Core Messaging Elevation of Privileges Vulnerability
Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
Windows Core Messaging Elevation of Privileges Vulnerability
Microsoft Defender Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.
Windows Push Notifications Apps Elevation of Privilege Vulnerability
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554.
Windows Bus Filter Driver Elevation of Privilege Vulnerability
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555.
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.