| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows SSDP Service Elevation of Privilege Vulnerability |
| Windows Media Foundation Core Remote Code Execution Vulnerability |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows WalletService Elevation of Privilege Vulnerability |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| Windows Desktop Bridge Denial of Service Vulnerability |
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability |
| Windows TCP/IP Driver Denial of Service Vulnerability |
| Microsoft Bluetooth Driver Spoofing Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Container Manager Service Elevation of Privilege Vulnerability |
| Windows Container Manager Service Elevation of Privilege Vulnerability |
| Windows Container Manager Service Elevation of Privilege Vulnerability |
| Windows Container Manager Service Elevation of Privilege Vulnerability |
| Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. |
| upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. |
| Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. |
| The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges. |
