Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Windows Kernel Elevation of Privilege Vulnerability

Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.

Visual Studio Elevation of Privilege Vulnerability

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.

Windows Bind Filter Driver Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

Windows Overlay Filter Information Disclosure Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Event Tracing for Windows Information Disclosure Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.

Windows DNS Server Remote Code Execution Vulnerability

Windows Clip Service Elevation of Privilege Vulnerability

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Microsoft Office Elevation of Privilege Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability