CVE-2021-26734

Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context...

VulnCheck KEV: CVE-2019-1064

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

Microsoft Windows Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

Security Updates for Microsoft Visual Studio Products (November 2020)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by a tampering vulnerability. The vulnerability exists when the Python Tools for Visual Studio creates the python27 folder. An attacker who successfully exploited this vulnerability could run processe...

CVE-2020-1303

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

Microsoft Windows User Profile Service Elevation of Privilege Vulnerability

Microsoft Windows is a family of operating systems from Microsoft. An elevation of privilege vulnerability exists when Microsoft Windows User Profile Service improperly handles symbolic links. An attacker could exploit the vulnerability to delete files and folders in an elevated context...

Windows Media Elevation of Privilege Vulnerability

An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an...

CVE-2019-0986

An elevation of privilege vulnerability exists when the Windows User Profile Service ProfSvc improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to...

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Guerrilla developer SandboxEscaper has disclosed a second bypass exploit for a patch that fixes a Windows local privilege-escalation LPE flaw — again without notifying Microsoft. The exploit, dubbed “ByeBear,” enables attackers to get past the patch to attack a permissions-overwrite,...

Microsoft Windows Multiple Vulnerabilities (KB4343900)

This host is missing a critical security update according to Microsoft KB4343900 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DirectX Graphics Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to...

Microsoft Windows Multiple Vulnerabilities (KB4284880)

This host is missing a critical security update according to Microsoft KB4284880 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4103718)

This host is missing a critical security update according to Microsoft KB4103718 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EnCase Forensic Imager 7.10 Buffer Overflow Vulnerability

Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability. title: Stack based buffer overflow product: Guidance Software EnCase Forensic Imager vulnerable version: EnCase Forensic Imager = 7.10 fixed version: - CVE number: - impact:...

Microsoft Windows Kernel Mode Drivers Multiple Vulnerabilities (3205651)

This host is missing an important security update according to Microsoft Bulletin MS16-151 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...