#auth

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Capability Consent Manager (camsvc service) allows an unauthorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker must trick the user into interacting with a spoofed WebAuthn prompt and entering their credentials.

AMD Store Queue allows an authorized attacker to disclose information locally.

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.