| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Null pointer dereference in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. |
| Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
| Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. |
| Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. |
| Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. |
| Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. |
| Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. |
| Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
| Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. |
| Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. |
| DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs. |
