Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.