NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability."
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."
Azure Compute Gallery Elevation of Privilege Vulnerability
Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability."
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Win32k Elevation of Privilege Vulnerability
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
Microsoft SharePoint Server Information Disclosure Vulnerability
Windows Group Policy Security Feature Bypass Vulnerability
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
Azure DevOps Server Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Active Directory Domain Services Information Disclosure Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
Windows Collaborative Translation Framework Elevation of Privilege Vulnerability
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.
Azure Machine Learning Information Disclosure Vulnerability
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access.
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.
Windows Registry Elevation of Privilege Vulnerability
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
Azure Service Fabric Container Elevation of Privilege Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
Azure Service Connector Security Feature Bypass Vulnerability