| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. |
| Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information. |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. |
| Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption. |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
| Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace.
To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later. |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. |
| Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM. |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. |
| A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack. |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
| Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
