Afang5472

Name of the Vulnerable Software and Affected Versions: Windows Workstation Service (affected versions not specified) Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Workstation Service, which is caused by an integer overflow. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 16 iOS versions prior to 16 iOS versions prior to 15.7 iPadOS versions prior to 15.7 **Description** A buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to the WebKitGTK and WPE WebKit modules, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Safari versions prior to 16, update to Safari 16 to resolve the issue. For iOS versions prior to 16, update to iOS 16 to resolve the issue. For iOS versions prior to 15.7, update to iOS 15.7 to resolve the issue. For iPadOS versions prior to 15.7, update to iPadOS 15.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** njs versions through 0.7.1 **Description** A control flow hijack was discovered in njs, caused by a Type Confusion vulnerability in the `njs promise perform then()` function. This issue affects njs used in NGINX. **Recommendations** For versions through 0.7.1, consider disabling the `njs promise perform then()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows WalletService (affected versions not specified) Description: The issue is related to insufficient access restrictions in the WalletService of Windows operating systems. It allows an attacker to elevate their privileges, affecting the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in privilege management within the Windows operating system's CSC service. It allows an attacker to potentially elevate their privileges, affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Diagnostics Hub Standard Collector (affected versions not specified) **Description** The issue is related to insecure privilege management in the Diagnostics Hub Standard Collector service of the Visual Studio software. It allows an attacker to elevate their privileges, potentially affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in privilege management in the Active Template Library of the Windows operating system. It allows an attacker to potentially elevate their privileges, affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in privilege management within the Windows operating system's CSC service. It allows an attacker to potentially elevate their privileges, affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Runtime C++ Template Library (affected versions not specified) **Description** The issue is related to unsafe privilege management in the Windows Runtime C++ Template Library, which can be exploited to elevate privileges and execute arbitrary code. It allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to insufficient access restrictions in the WalletService of Windows operating systems. It allows an attacker to elevate their privileges, affecting the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Multipoint Management (affected versions not specified) Description: The issue is related to insufficient access restrictions in the Windows Multipoint Management service, which can be exploited to elevate privileges. This could allow an attacker to affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows WalletService (affected versions not specified) **Description** The issue is related to insufficient access control in the WalletService of Windows operating systems. It allows an attacker to elevate their privileges, potentially affecting the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to insufficient access restrictions in the WalletService of Windows operating systems. It allows an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OneDrive for Windows (affected versions not specified) Description: The issue is related to the improper handling of symbolic links by the OneDrive for Windows Desktop application. This could allow an attacker to overwrite a targeted file with an elevated status by running a specially crafted application. The attacker would first need to log on to the system to exploit this issue. Recommendations: To resolve the issue, apply the update that corrects where the OneDrive updater performs file writes while running with elevation. At the moment, there is no information about specific versions that contain a fix for this vulnerability, so ensure to apply the latest available update.

Name of the Vulnerable Software and Affected Versions: OneDrive for Windows Desktop (affected versions not specified) Description: The issue arises from the improper handling of symbolic links by the OneDrive for Windows Desktop application, leading to a potential elevation of privilege. An attacker, after logging on to the system, could exploit this by running a specially crafted application to overwrite or delete targeted files with elevated status. The estimated number of potentially affected devices worldwide is not provided, and there is no information about real-world incidents where this issue was exploited. Recommendations: To resolve the issue, apply the update that corrects where the OneDrive updater performs file writes while running with elevation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Modules Installer (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability. It occurs when the Windows Modules Installer improperly handles file operations. This vulnerability can be exploited by an attacker to elevate their privileges using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows System Events Broker (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability that occurs when the Windows System Events Broker improperly handles file operations. This vulnerability can be exploited by an attacker using a specially crafted application to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Profile Service (affected versions not specified) **Description** The issue is related to the improper handling of file operations by the Windows Profile Service, which can lead to an elevation of privilege. This could potentially allow an attacker to gain unauthorized access to protected information using a specially crafted application. The vulnerability may be exploited to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Defender (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the MpSigStub.exe file for Microsoft Defender. This vulnerability allows file deletion in arbitrary locations. To exploit the issue, an attacker would first need to log on to the system. The vulnerability is associated with errors in privilege management, which could allow a remote attacker to delete files in specific parts of the file system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows State Repository Service (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability that occurs due to the improper handling of objects in memory by the Windows State Repository Service. This could allow an attacker to elevate their privileges and potentially execute arbitrary code using a specially crafted application. The vulnerability may be exploited to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.