Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Win32K allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Heap-based buffer overflow in Windows Media allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows DNS allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally.
Integer overflow or wraparound in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
Windows Kernel Elevation of Privilege Vulnerability
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Windows CSC Service Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276.
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00441509; Issue ID: MSV-4138.
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435349; Issue ID: MSV-4051.
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue.
Visual Studio Elevation of Privilege Vulnerability
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.