CVE Database

Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.

Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.

Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.

Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

Use after free in Xbox allows an authorized attacker to elevate privileges locally.

Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.

An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests

An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests.