| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. |
| Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. |
| Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. |
| Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. |
| Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network. |
| Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
| Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. |
| WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability.
The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. |
