Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.