Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Windows Kernel Security Feature Bypass Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows NTFS Elevation of Privilege Vulnerability
Windows Geolocation Service Information Disclosure Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Windows File Explorer Elevation of Privilege Vulnerability
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
Azure Stack Hub Elevation of Privilege Vulnerability
Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions.
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue
NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. Successful exploitation results in unauthorized access to protected services outside the attacker’s originally assigned authorization boundary, constituting a scope change. If exploited, this issue would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
Microsoft SharePoint Elevation of Privilege Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Windows Address Book Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Microsoft SharePoint Elevation of Privilege Vulnerability
Windows Update Stack Elevation of Privilege Vulnerability
Microsoft System Center Elevation of Privilege Vulnerability
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
Windows Remote Desktop Services Tampering Vulnerability
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."
Azure CycleCloud Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
Windows Initial Machine Configuration Elevation of Privilege Vulnerability
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.