Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-3226

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-16 Jun, 2016 | 01:00
Updated At-05 Aug, 2024 | 23:47
Rejected At-
Credits

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:16 Jun, 2016 | 01:00
Updated At:05 Aug, 2024 | 23:47
Rejected At:
▼CVE Numbering Authority (CNA)

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036108
vdb-entry
x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081
vendor-advisory
x_refsource_MS
Hyperlink: http://www.securitytracker.com/id/1036108
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081
Resource:
vendor-advisory
x_refsource_MS
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036108
vdb-entry
x_refsource_SECTRACK
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036108
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:16 Jun, 2016 | 01:59
Updated At:12 Apr, 2025 | 10:46

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarynvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securitytracker.com/id/1036108secure@microsoft.com
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081secure@microsoft.com
N/A
http://www.securitytracker.com/id/1036108af854a3a-2127-422b-91ae-364da2661108
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securitytracker.com/id/1036108
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036108
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-081
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

284Records found
CVE-2025-29804
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 29.01%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.13Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12
CWE ID-CWE-284
Improper Access Control
CVE-2025-29810
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Domain Services Elevation of Privilege Vulnerability

Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows Server 2012 R2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-284
Improper Access Control
CVE-2025-27738
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.29%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Information Disclosure Vulnerability

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 version 22H3Windows 11 version 22H2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2012 R2Windows Server 2025Windows Server 2022Windows Server 2012Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-284
Improper Access Control
CVE-2025-27744
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.77%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office 2016
CWE ID-CWE-284
Improper Access Control
CVE-2025-26645
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.10%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-07 Jul, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2remote_desktop_clientwindows_10_21h2windows_server_2022windows_10_1607windows_server_2019windows_server_2008windows_server_2016windows_server_2022_23h2windows_server_2025windows_10_1507windows_11_23h2windows_appwindows_11_22h2windows_10_22h2windows_10_1809Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Remote Desktop client for Windows DesktopWindows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2022Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows App Client for Windows DesktopWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2025Windows Server 2012Windows 10 Version 1809
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-284
Improper Access Control
CVE-2025-26678
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.10% / 28.91%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Defender Application Control Security Feature Bypass Vulnerability

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_server_2019windows_server_2022windows_10_22h2windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_1809windows_10_21h2Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2025
CWE ID-CWE-284
Improper Access Control
CVE-2025-24989
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-13.19% / 93.87%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 22:18
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-14||Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Microsoft Power Pages Elevation of Privilege Vulnerability

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you.

Action-Not Available
Vendor-Microsoft Corporation
Product-power_pagesMicrosoft Power PagesPower Pages
CWE ID-CWE-284
Improper Access Control
CVE-2025-24999
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.20%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2022 for x64-based Systems (CU 20)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2022 (GDR)
CWE ID-CWE-284
Improper Access Control
CVE-2025-24994
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.17%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-03 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_24h2windows_11_22h2Windows 11 version 22H3Windows 11 Version 23H2Windows 11 version 22H2Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-24042
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.09% / 26.11%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-02 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code - JS Debug Extension
CWE ID-CWE-284
Improper Access Control
CVE-2023-32479
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2025-24076
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.59% / 80.94%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-07 Jul, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_11_22h2windows_server_2022_23h2windows_server_2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025Windows 11 Version 23H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-31020
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 4.14%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-05 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-31019
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.79%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-284
Improper Access Control
CVE-2025-53729
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure File Sync Elevation of Privilege Vulnerability

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_file_syncAzure File Sync
CWE ID-CWE-284
Improper Access Control
CVE-2025-48817
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 22.19%
||
7 Day CHG+0.02%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2remote_desktop_clientwindows_server_2022windows_10_1607windows_11_23h2windows_server_2016windows_10_1507windows_server_2025windows_server_2012windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_appwindows_10_1809windows_server_2008windows_11_22h2Remote Desktop client for Windows DesktopWindows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2012Windows Server 2016Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607Windows App Client for Windows DesktopWindows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-284
Improper Access Control
CVE-2023-28714
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 10.55%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-17 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsproset\/wireless_wifiIntel(R) PROSet/Wireless WiFi software for Windowsintel_proset_wireless_wifi_software_for_windows
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-284
Improper Access Control
CVE-2024-29054
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-3.81% / 87.66%
||
7 Day CHG+0.97%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CWE ID-CWE-284
Improper Access Control
CVE-2023-28397
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.00%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIntel CorporationMicrosoft Corporation
Product-windowslinux_kernelaptio_v_uefi_firmware_integrator_toolsIntel(R) Aptio* V UEFI Firmware Integrator Toolsaptio_v_uefi_firmware_integrator_tools
CWE ID-CWE-284
Improper Access Control
CVE-2024-29060
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 48.94%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:59
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017visual_studio_2022Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.8
CWE ID-CWE-284
Improper Access Control
CVE-2023-28312
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.90%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:14
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Machine Learning Information Disclosure Vulnerability

Azure Machine Learning Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-284
Improper Access Control
CVE-2023-27875
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 12:37
Updated-26 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex improper access controls

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kernelaspera_faspexwindowsAspera Faspex
CWE ID-CWE-284
Improper Access Control
CVE-2024-30059
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-intune_mobile_application_managementMicrosoft Intune Mobile Application Management
CWE ID-CWE-284
Improper Access Control
CVE-2024-28922
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.15% / 36.18%
||
7 Day CHG-0.02%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-46619
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.07% / 22.76%
||
7 Day CHG+0.02%
Published-30 Apr, 2025 | 00:00
Updated-13 May, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.

Action-Not Available
Vendor-n/aCouchbase, Inc.Microsoft Corporation
Product-windowscouchbase_servern/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-28300
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.56%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Service Connector Security Feature Bypass Vulnerability

Azure Service Connector Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_service_connectorAzure Service Connector
CWE ID-CWE-284
Improper Access Control
CVE-2019-10127
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 18:52
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupMicrosoft Corporation
Product-windowspostgresqlpostgresql
CWE ID-CWE-284
Improper Access Control
CVE-2024-28917
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.14% / 34.46%
||
7 Day CHG+0.04%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_arc_extension_microsoft.videoindexerazure_arc_extension_microsoft.networkfabricserviceextensionazure_arc_extension_microsoft.iotoperations.mqazure_arc_extension_microsoft.azurekeyvaultsecretsproviderazure_arc_extension_microsoft.azure.hybridnetworkazure_arc_extension_microsoft.azstackhci.operatorazure_arc_extension_microsoft.openservicemeshAzure Arc Extension
CWE ID-CWE-284
Improper Access Control
CVE-2015-7865
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-2.11% / 83.41%
||
7 Day CHG~0.00%
Published-24 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-windowsgpu_drivern/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-26406
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.76%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20712: Net.HTTP.request URL restriction bypass

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-284
Improper Access Control
CVE-2023-26408
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.76%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20712: AnnotsString Object prototype pollution Restrictions Bypass Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-284
Improper Access Control
CVE-2025-33072
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.12% / 32.11%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 22:17
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability

Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-msagsfeedback.azurewebsites.netMicrosoft msagsfeedback.azurewebsites.net
CWE ID-CWE-284
Improper Access Control
CVE-2025-33073
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 75.56%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-19 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Client Elevation of Privilege Vulnerability

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2012Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2025Windows 10 Version 1809Windows Server 2022Windows 11 version 22H2Windows Server 2016 (Server Core installation)Windows Server 2016Windows 11 Version 23H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1607Windows Server 2025 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2023-24905
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.62%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_10_22h2windows_10_20h2windows_11_22h2Windows 11 version 22H2Windows 10 Version 20H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-22285
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2023-22448
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 31.60%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2024-26234
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-1.96% / 82.78%
||
7 Day CHG-0.11%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Proxy Driver Spoofing Vulnerability

Proxy Driver Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-21750
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.58% / 67.81%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-21531
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.13% / 32.94%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Service Fabric Container Elevation of Privilege Vulnerability

Azure Service Fabric Container Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_service_fabricAzure Service Fabric 9.1Azure Service Fabric 8.2Azure Service Fabric 9.0 for Linux
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21742
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-16.31% / 94.59%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-284
Improper Access Control
CVE-2023-21752
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-45.91% / 97.54%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Backup Service Elevation of Privilege Vulnerability

Windows Backup Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_11windows_10Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 7 Service Pack 1Windows 11 version 22H2Windows 10 Version 1809Windows 11 version 21H2Windows 7Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-21717
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.02% / 83.06%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-12 Apr, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Elevation of Privilege Vulnerability

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CWE ID-CWE-284
Improper Access Control
CVE-2023-21751
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.86%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 23:14
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverAzure DevOps Server 2020.1.2Azure DevOps Server 2022
CWE ID-CWE-284
Improper Access Control
CVE-2025-29973
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 17.30%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure File Sync Elevation of Privilege Vulnerability

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_file_syncAzure File Sync
CWE ID-CWE-284
Improper Access Control
CVE-2016-8821
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.39%
||
7 Day CHG~0.00%
Published-16 Dec, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsgpu_driverWindows GPU Display Driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-0012
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 02:44
Updated-09 Apr, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in SAP Host Agent (Windows)

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.

Action-Not Available
Vendor-Microsoft CorporationSAP SE
Product-windowshost_agentHost Agent (Windows)
CWE ID-CWE-284
Improper Access Control
CVE-2016-7248
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.56% / 96.63%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_rt_8.1windows_vistawindows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7247
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-30.24% / 96.52%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7224
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.09% / 77.09%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-8223
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-29 Nov, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.

Action-Not Available
Vendor-Lenovo Group LimitedMicrosoft Corporation
Product-system_interface_foundationwindows_10All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID.
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found