HTTP.sys has a use-after-free vulnerability that allows a remote attacker to crash the vulnerable machine.
The Security Service of Cisco AnyConnect Posture (HostScan) for Windows incorrectly restricts access to internal IPC commands. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges by sending crafted IPC commands.
This module bypasses CVE-2021-1366 by abusing a Time-of-check Time-of-use (TOCTOU) Race Condition in the priv_file_copy command.
This update adds code to launch the exploit for CVE-2021-1366 if the detected version is vulnerable to it.
This module bypasses CVE-2021-1366 by abusing a Time-of-check Time-of-use (TOCTOU) Race Condition in the priv_file_copy command.
This update adds code to launch the exploit for CVE-2021-1366 if the detected version is vulnerable to it.
The vulnerability is an Use After Free Privilege Escalation in win32kbase and occurs in the DirectComposition::CInteractionTrackerBindingManagerMarshaler::SetBufferProperty function, which is the handler for the SetResourceBufferProperty command of a CInteractionTrackerBindingManagerMarshaler.
The Security Service of Cisco AnyConnect Posture (HostScan) for Windows incorrectly restricts access to internal IPC commands. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges by sending crafted IPC commands.
This module bypasses CVE-2021-1366 by abusing a Time-of-check Time-of-use (TOCTOU) Race Condition in the priv_file_copy command.
This module bypasses CVE-2021-1366 by abusing a Time-of-check Time-of-use (TOCTOU) Race Condition in the priv_file_copy command.
An elevation of privilege vulnerability exists in Windows when the DirectComposition component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Hard-coded credentials for the diagnostics user can be used to authenticate in the UCMDB component.
Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.
Then a java deserialization vulnerability present in several endpoints of the UCMDB service can be used to execute OS commands.
This vulnerability is caused by xxxClientAllocWindowClassExtraBytes callback in win32kfull!xxxCreateWindowEx. The callback causes the setting of a kernel struct member and its corresponding flag to be out of sync.
This Update adds support for Windows 10 2004 and 20H2
This Update adds support for Windows 10 2004 and 20H2
Unauthenticated file upload vulnerability via uploadova plugin in VMware vCenter Server to upload and extract a TAR file.
The TAR file contains a path traversal that allows writing files at arbitraries locations.
The TAR file contains a path traversal that allows writing files at arbitraries locations.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This vulnerability is caused by xxxClientAllocWindowClassExtraBytes callback in win32kfull!xxxCreateWindowEx. The callback causes the setting of a kernel struct member and its corresponding flag to be out of sync.