service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.
Microsoft
CVE-2022-29148
Visual Studio Remote Code Execution Vulnerability.
CVE-2022-27808
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-26925
Windows LSA Spoofing Vulnerability.
CVE-2022-26928
Windows Photo Import API Elevation of Privilege Vulnerability.
CVE-2022-26934
Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-29112.