Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.