Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server on which the GoCD Server or Agent is installed to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the permissions of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions.
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Azure Front Door Elevation of Privilege Vulnerability
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally.
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass intended access restrictions via unspecified vectors.
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and on cleanup methods. If you've not been notified, this vulnerability does not affect you.
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
Secure Boot Security Feature Bypass Vulnerability
Windows Geolocation Service Information Disclosure Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows NTFS Elevation of Privilege Vulnerability
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
Visual Studio Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
Windows Kernel Security Feature Bypass Vulnerability
Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability."