The driver in EVGA Precision X1 (aka WinRing0x64.sys) allows any user to read and write to arbitrary memory.
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. This module tries to determine remotely, if the target host is either vulnerable to CVE-2020-1472 or not.
An elevation of privilege vulnerability exists in Windows when the DNS server fails to properly handle SIG responses. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.
Multiple stack buffer overflows were found in the MSI AmbientLink MsIo64 driver when processing IoControlCode (IOCTL) 0x80102040, 0x80102044, 0x80102050, 0x80102054. Local attackers, including low integrity processes, can exploit these vulnerabilities and consequently gain NT AUTHORITY\SYSTEM privileges.
An unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server allows an attacker to upload and execute a java class file to gain arbitrary code execution on the affected system.
This update adds xml tags to prevent pivoting.
This update adds xml tags to prevent pivoting.
An unauthenticated java deserialization vulnerability via T3 protocol in Oracle Weblogic Server allows an attacker to upload and execute a java class file to gain arbitrary code execution on the affected system.
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.