| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
| Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. |
| Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally. |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. |
| Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. |
| Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
| Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. |
