ByteOS

Product

Firefox ESR

Versions

Affected

From unspecified before 52.2 (custom)

Vendor

Product

Firefox

Versions

Affected

From unspecified before 54 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service

Type: text

CWE ID: N/A

Description: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service

References

Hyperlink	Resource
http://www.securityfocus.com/bid/99057	vdb-entry x_refsource_BID
https://www.mozilla.org/security/advisories/mfsa2017-15/	x_refsource_CONFIRM
http://www.securitytracker.com/id/1038689	vdb-entry x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=1342742	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2017-16/	x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/99057

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-15/

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securitytracker.com/id/1038689

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1342742

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-16/

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/99057	vdb-entry x_refsource_BID x_transferred
https://www.mozilla.org/security/advisories/mfsa2017-15/	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1038689	vdb-entry x_refsource_SECTRACK x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1342742	x_refsource_CONFIRM x_transferred
https://www.mozilla.org/security/advisories/mfsa2017-16/	x_refsource_CONFIRM x_transferred

Hyperlink: http://www.securityfocus.com/bid/99057

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-15/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securitytracker.com/id/1038689

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1342742

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-16/

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@mozilla.org

Published At:11 Jun, 2018 | 21:29

Updated At:25 Nov, 2025 | 17:50

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

>>firefox>>Versions before 52.2.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

>>firefox>>Versions before 54.0(exclusive)

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/99057	security@mozilla.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038689	security@mozilla.org	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1342742	security@mozilla.org	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-15/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-16/	security@mozilla.org	Vendor Advisory
http://www.securityfocus.com/bid/99057	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038689	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1342742	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-15/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-16/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/99057

Source: security@mozilla.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1038689

Source: security@mozilla.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1342742

Source: security@mozilla.org

Resource:

Issue Tracking

Vendor Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-15/

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-16/

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/99057

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1038689

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1342742

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Issue Tracking

Vendor Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-15/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-16/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Similar CVEs

1176Records found

CVE-2018-0831

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.88% / 75.46%

7 Day CHG~0.00%

Published-15 Feb, 2018 | 02:00

Updated-17 Sep, 2024 | 00:10

The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".

Product-windows_server_2016 windows_10 Windows

CVE-2018-0748

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-5.78% / 90.56%

7 Day CHG~0.00%

Published-04 Jan, 2018 | 14:00

Updated-16 Sep, 2024 | 23:25

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".

Product-windows_server_2016 windows_server_2012 windows_8.1 windows_7 windows_10 windows_server_2008 Windows kernel

CWE ID-CWE-269

Improper Privilege Management

CVE-2018-0958

Matching Score-8

Matching Score-8

CVSS Score-5.3||MEDIUM

EPSS-1.70% / 82.44%

7 Day CHG~0.00%

Published-09 May, 2018 | 19:00

Updated-05 Aug, 2024 | 03:44

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132.

Product-windows_server_2016 windows_10 Windows 10 Servers Windows 10 Windows Server 2016

CVE-2018-0827

Matching Score-8

Matching Score-8

CVSS Score-5.3||MEDIUM

EPSS-2.24% / 84.69%

7 Day CHG~0.00%

Published-15 Feb, 2018 | 02:00

Updated-16 Sep, 2024 | 18:38

Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability".

Product-windows_server_2016 windows_10 Windows Scripting Host

CVE-2018-0877

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-11.49% / 93.68%

7 Day CHG~0.00%

Published-14 Mar, 2018 | 17:00

Updated-16 Sep, 2024 | 20:07

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".

Product-windows_server windows_10 windows_server_2016 Windows Desktop Bridge Virtual File System

CVE-2018-0752

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-3.86% / 88.31%

7 Day CHG~0.00%

Published-04 Jan, 2018 | 14:00

Updated-16 Sep, 2024 | 20:32

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.

Product-windows_server_2016 windows_server_2012 windows_8.1 windows_10 Windows kernel

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2018-0884

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-1.16% / 78.74%

7 Day CHG~0.00%

Published-14 Mar, 2018 | 17:00

Updated-16 Sep, 2024 | 19:51

Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902.

Product-windows_server windows_10 windows_server_2016 Windows Scripting Host

CVE-2018-0756

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-1.16% / 78.74%

7 Day CHG~0.00%

Published-15 Feb, 2018 | 02:00

Updated-16 Sep, 2024 | 16:49

The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843.

Product-windows_server_2016 windows_10 Windows

CVE-2018-0820

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-1.16% / 78.74%

7 Day CHG~0.00%

Published-15 Feb, 2018 | 02:00

Updated-05 Aug, 2024 | 03:35

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843.

Vendor-n/a Microsoft Corporation

Product-windows_server_2016 windows_server_2012 windows_8.1 windows_rt_8.1 windows_7 windows_10 windows_server_2008 n/a

CVE-2018-0438

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-2.99% / 86.64%

7 Day CHG~0.00%

Published-05 Oct, 2018 | 14:00

Updated-26 Nov, 2024 | 14:43

Cisco Umbrella Enterprise Roaming Client Privilege Escalation Vulnerability

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.

Vendor-Cisco Systems, Inc.Microsoft Corporation

Product-windows umbrella_enterprise_roaming_client Cisco Umbrella

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-1055

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.06% / 17.02%

7 Day CHG~0.00%

Published-08 Jan, 2021 | 00:50

Updated-03 Aug, 2024 | 15:55

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.

Vendor-NVIDIA Corporation Microsoft Corporation

Product-windows gpu_driver NVIDIA GPU Display Driver

CVE-2018-0437

Matching Score-8

Assigner-Cisco Systems, Inc.

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.8||HIGH

EPSS-12.95% / 94.13%

7 Day CHG~0.00%

Published-05 Oct, 2018 | 14:00

Updated-26 Nov, 2024 | 14:43

Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability

Vendor-Cisco Systems, Inc.Microsoft Corporation

Product-umbrella_roaming_module windows umbrella_enterprise_roaming_client Cisco Umbrella

CWE ID-CWE-264

Not Available

CWE ID-CWE-269

Improper Privilege Management

CVE-2017-8715

Matching Score-8

Matching Score-8

CVSS Score-5.3||MEDIUM

EPSS-1.91% / 83.43%

7 Day CHG~0.00%

Published-13 Oct, 2017 | 13:00

Updated-13 May, 2026 | 00:24

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".

Product-windows_server_2016 windows_10 Device Guard

CVE-2017-8590

Matching Score-8

Matching Score-8

CVSS Score-8.8||HIGH

EPSS-1.00% / 77.09%

7 Day CHG~0.00%

Published-11 Jul, 2017 | 21:00

Updated-13 May, 2026 | 00:24

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

Product-windows_10 windows_7 windows_8.1 windows_server_2008 windows_server_2016 windows_rt_8.1 windows_server_2012 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.

CWE ID-CWE-281

Improper Preservation of Permissions

CVE-2017-8746

Matching Score-8

Matching Score-8

CVSS Score-5.3||MEDIUM

EPSS-1.70% / 82.44%

7 Day CHG~0.00%

Published-13 Sep, 2017 | 01:00

Updated-13 May, 2026 | 00:24

Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability".

Product-windows_server_2016 windows_10 Windows Device Guard

CVE-2017-8622

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-1.09% / 78.10%

7 Day CHG~0.00%

Published-08 Aug, 2017 | 21:00

Updated-13 May, 2026 | 00:24

Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

Product-windows_10 Windows Subsystem for Linux

CVE-2017-8465

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-6.99% / 91.53%

7 Day CHG~0.00%

Published-15 Jun, 2017 | 01:00

Updated-13 May, 2026 | 00:24

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.

Product-windows_server_2016 windows_10 windows_8.1 windows_server_2012 Microsoft Windows

CWE ID-CWE-281

Improper Preservation of Permissions

CVE-2017-8558

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-57.85% / 98.19%

7 Day CHG~0.00%

Published-29 Jun, 2017 | 13:00

Updated-13 May, 2026 | 00:24

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Product-windows_10 windows_7 windows_8.1 windows_server_2008 forefront_endpoint_protection windows_defender security_essentials windows_intune_endpoint_protection endpoint_protection Microsoft Malware Protection Engine

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-0062

Matching Score-8

Assigner-Intel Corporation

Matching Score-8

Assigner-Intel Corporation

CVSS Score-7.8||HIGH

EPSS-0.06% / 17.89%

7 Day CHG~0.00%

Published-11 Aug, 2021 | 12:47

Updated-03 Aug, 2024 | 15:25

Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.

Product-windows graphics_drivers Intel(R) Graphics Drivers

CWE ID-CWE-20

Improper Input Validation

CVE-2017-8716

Matching Score-8

Matching Score-8

CVSS Score-5.3||MEDIUM

EPSS-2.33% / 84.97%

7 Day CHG~0.00%

Published-13 Sep, 2017 | 01:00

Updated-13 May, 2026 | 00:24

Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability".

Product-windows_10 Windows Control Flow Guard

CVE-2017-8468

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.29% / 52.45%

7 Day CHG~0.00%

Published-15 Jun, 2017 | 01:00

Updated-13 May, 2026 | 00:24

Product-windows_server_2016 windows_10 windows_8.1 windows_server_2012 Microsoft Windows

CWE ID-CWE-281

Improper Preservation of Permissions

CVE-2017-8552

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.24% / 46.25%

7 Day CHG~0.00%

Published-15 Jun, 2017 | 01:00

Updated-13 May, 2026 | 00:24

A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263.

Product-windows_7 windows_server_2008 Microsoft Windows

CWE ID-CWE-281

Improper Preservation of Permissions

CVE-2017-8503

Matching Score-8

Matching Score-8

CVSS Score-8.8||HIGH

EPSS-1.16% / 78.74%

7 Day CHG~0.00%

Published-08 Aug, 2017 | 21:00

Updated-13 May, 2026 | 00:24

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642.

Product-windows_server_2016 windows_10 edge Microsoft Edge

CVE-2017-8624

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.47% / 64.58%

7 Day CHG~0.00%

Published-08 Aug, 2017 | 21:00

Updated-13 May, 2026 | 00:24

CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

Product-windows_10 windows_7 windows_8.1 windows_server_2008 windows_server_2016 windows_rt_8.1 windows_server_2012 Common Log File System Driver

CVE-2017-8720

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.83% / 74.59%

7 Day CHG~0.00%

Published-13 Sep, 2017 | 01:00

Updated-13 May, 2026 | 00:24

The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675.

Product-windows_10 windows_7 windows_8.1 windows_server_2008 windows_server_2016 windows_rt_8.1 windows_server_2012 Windows graphics component

CVE-2017-8466

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.69% / 71.94%

7 Day CHG~0.00%

Published-15 Jun, 2017 | 01:00

Updated-13 May, 2026 | 00:24

Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevation of Privilege Vulnerability".

Product-windows_10 windows_8.1 windows_server_2016 windows_rt_8.1 windows_server_2012 Windows Cursor

CWE ID-CWE-281

Improper Preservation of Permissions

CVE-2020-9606

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.32% / 55.34%

7 Day CHG~0.00%

Published-25 Jun, 2020 | 21:22

Updated-04 Aug, 2024 | 10:34

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Vendor-Apple Inc.Microsoft Corporation Adobe Inc.

Product-acrobat_dc windows macos acrobat_reader_dc Adobe Acrobat and Reader

CWE ID-CWE-416

Use After Free

CVE-2017-8591

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-3.11% / 86.93%

7 Day CHG~0.00%

Published-08 Aug, 2017 | 21:00

Updated-13 May, 2026 | 00:24

Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability".

Product-windows_10 windows_8.1 windows_server_2016 windows_rt_8.1 windows_server_2012 Windows Shell

CVE-2017-8665

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-10.76% / 93.40%

7 Day CHG~0.00%

Published-15 Aug, 2017 | 18:00

Updated-13 May, 2026 | 00:24

The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."

Vendor-Microsoft Corporation Apple Inc.

Product-xamarin.ios macos Xamarin.iOS

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2021-0066

Matching Score-8

Assigner-Intel Corporation

Matching Score-8

Assigner-Intel Corporation

CVSS Score-8.4||HIGH

EPSS-0.11% / 29.61%

7 Day CHG~0.00%

Published-09 Feb, 2022 | 22:04

Updated-05 May, 2025 | 17:16

Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access.

Product-proset_ac_3165 amt_wi-fi_6_ax201 proset_ac_9462 amt_ac_9560_firmware proset_ac_8265 killer_wi-fi_6_ax1650 amt_wi-fi_6_ax201_firmware proset_ac_3165_firmware amt_ac_8265_firmware proset_ac_8260 proset_ac_9461_firmware proset_wi-fi_6_ax201_firmware proset_wi-fi_6e_ax210 proset_wireless_7265_\(rev_d\)_firmware amt_wi-fi_6_ax210_firmware proset_wi-fi_6_ax200_firmware killer_wi-fi_6_ax1650_firmware proset_wi-fi_6_ax200 proset_ac_9461 proset_ac_8260_firmware amt_wi-fi_6_ax200 amt_wi-fi_6_ax210 amt_ac_8260_firmware amt_ac_8260 killer_ac_1550_firmware amt_ac_9260_firmware proset_ac_8265_firmware proset_wireless_7265_\(rev_d\)proset_ac_9462_firmware proset_wi-fi_6_ax201 killer_wi-fi_6e_ax1675_firmware proset_wi-fi_6e_ax210_firmware proset_ac_9260 killer_wi-fi_6e_ax1675 proset_ac_9560 amt_wi-fi_6_ax200_firmware amt_ac_9260 proset_ac_9260_firmware windows amt_ac_8265 amt_ac_9560 proset_ac_9560_firmware killer_ac_1550 proset_ac_3168 proset_ac_3168_firmware Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11

CWE ID-CWE-20

Improper Input Validation

CVE-2017-7794

Matching Score-8

Assigner-Mozilla Corporation

Matching Score-8

Assigner-Mozilla Corporation

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.21%

7 Day CHG~0.00%

Published-11 Jun, 2018 | 21:00

Updated-05 Aug, 2024 | 16:12

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Vendor-Mozilla Corporation Linux Kernel Organization, Inc

Product-firefox linux_kernel Firefox

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2020-1398

Matching Score-8

Matching Score-8

CVSS Score-6.8||MEDIUM

EPSS-0.21% / 43.20%

7 Day CHG~0.00%

Published-14 Jul, 2020 | 22:54

Updated-04 Aug, 2024 | 06:32

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly., aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.

Product-windows_server_2016 windows_server_2019 windows_10 Windows Windows 10 Version 2004 for x64-based Systems Windows Server Windows 10 Version 1903 for x64-based Systems Windows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for x64-based Systems

CVE-2021-0061

Matching Score-8

Assigner-Intel Corporation

Matching Score-8

Assigner-Intel Corporation

CVSS Score-7.8||HIGH

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-11 Aug, 2021 | 12:47

Updated-03 Aug, 2024 | 15:25

Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access.

Product-windows graphics_drivers Intel(R) Graphics Driver

CWE ID-CWE-665

Improper Initialization

CVE-2017-6256

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.49%

7 Day CHG~0.00%

Published-28 Jul, 2017 | 19:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges.

Product-gpu_driver windows NVIDIA Windows GPU Display Driver

CWE ID-CWE-20

Improper Input Validation

CVE-2017-6268

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.76%

7 Day CHG~0.00%

Published-22 Sep, 2017 | 17:00

Updated-13 May, 2026 | 00:24

CWE ID-CWE-20

Improper Input Validation

CVE-2017-6253

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.60%

7 Day CHG~0.00%

Published-28 Jul, 2017 | 19:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privileges

Vendor-n/a Microsoft Corporation NVIDIA Corporation

Product-gpu_driver windows n/a

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2017-6277

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.12% / 30.28%

7 Day CHG~0.00%

Published-22 Sep, 2017 | 17:00

Updated-13 May, 2026 | 00:24

CWE ID-CWE-20

Improper Input Validation

CVE-2017-6255

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.60%

7 Day CHG~0.00%

Published-28 Jul, 2017 | 19:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges.

Product-gpu_driver windows NVIDIA Windows GPU Display Driver

CWE ID-CWE-20

Improper Input Validation

CVE-2021-0121

Matching Score-8

Assigner-Intel Corporation

Matching Score-8

Assigner-Intel Corporation

CVSS Score-7.8||HIGH

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-17 Nov, 2021 | 19:00

Updated-03 Aug, 2024 | 15:32

Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.

Product-iris_xe_max_dedicated_graphics windows_10 Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10

CVE-2017-6251

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.03% / 8.30%

7 Day CHG~0.00%

Published-28 Jul, 2017 | 19:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.

Product-gpu_driver windows NVIDIA Windows GPU Display Driver

CWE ID-CWE-862

Missing Authorization

CVE-2017-6254

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.60%

7 Day CHG~0.00%

Published-28 Jul, 2017 | 19:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges.

Product-gpu_driver windows NVIDIA Windows GPU Display Driver

CWE ID-CWE-20

Improper Input Validation

CVE-2017-6269

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.60%

7 Day CHG~0.00%

Published-22 Sep, 2017 | 17:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.

CWE ID-CWE-20

Improper Input Validation

CVE-2017-6252

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.04% / 12.60%

7 Day CHG~0.00%

Published-28 Jul, 2017 | 19:00

Updated-13 May, 2026 | 00:24

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.

Product-gpu_driver windows NVIDIA Windows GPU Display Driver

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2017-6272

Matching Score-8

Assigner-NVIDIA Corporation

Matching Score-8

Assigner-NVIDIA Corporation

CVSS Score-7.8||HIGH

EPSS-0.12% / 30.28%

7 Day CHG~0.00%

Published-22 Sep, 2017 | 17:00

Updated-13 May, 2026 | 00:24

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

CWE ID-CWE-20

Improper Input Validation

CVE-2020-7817

Matching Score-8

Assigner-KrCERT/CC

Vendor-RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation ActiveSoft (Active Soft Co., Ltd.)

Matching Score-8

Assigner-KrCERT/CC

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-06 Aug, 2020 | 16:57

Updated-04 Aug, 2024 | 09:41

MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files.

Product-windows k_upload MyBrowserPlus

CWE ID-CWE-494

Download of Code Without Integrity Check

CVE-2020-7811

Matching Score-8

Assigner-KrCERT/CC

Matching Score-8

Assigner-KrCERT/CC

CVSS Score-6.2||MEDIUM

EPSS-0.04% / 13.23%

7 Day CHG~0.00%

Published-12 Oct, 2020 | 13:16

Updated-04 Aug, 2024 | 09:41

Samsung Update Local Privilege Escalation Vulnerability

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication

Vendor-Samsung Electronics Samsung Microsoft Corporation

Product-windows update Samsung Update

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2020-8763

Matching Score-8

Assigner-Intel Corporation

Matching Score-8

Assigner-Intel Corporation

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.16%

7 Day CHG~0.00%

Published-13 Aug, 2020 | 02:14

Updated-04 Aug, 2024 | 10:12

Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Product-realsense_d435_firmware realsense_d415_firmware realsense_d435i_firmware windows_10 Intel(R) RealSense(TM) D400 Series Advisory

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2020-8601

Matching Score-8

Assigner-Trend Micro, Inc.

Matching Score-8

Assigner-Trend Micro, Inc.

CVSS Score-7.8||HIGH

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-20 Feb, 2020 | 22:50

Updated-04 Aug, 2024 | 10:03

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.

Vendor-Microsoft Corporation Trend Micro Incorporated

Product-windows vulnerability_protection Trend Micro Vulnerability Protection

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2017-3756

Matching Score-8

Assigner-Lenovo Group Ltd.

Product-thinkpad_t450s thinkpad_l560 thinkpad_13e_bios thinkpad_t440 thinkpad_t450 thinkpad_x250_sharkbay windows_10 thinkpad_e450c thinkpad_l540 thinkpad_e450_bios thinkpad_s1_yoga_non_vpro thinkpad_t540 thinkpad_yoga_11e_skylake thinkpad_t460s thinkpad_yoga_11e_beema thinkpad_x240_bios thinkpad_s3_yoga_14 thinkpad_p50_bios thinkpad_x250_broadwell thinkpad_t560_bios thinkpad_e450c_bios thinkpad_s1_yoga_non_vpro_bios thinkpad_yoga_11e_braswell thinkpad_yoga_11e_broadwell thinkpad_e455 thinkpad_p50s_bios thinkpad_yoga_11e_beema_bios thinkpad_t550_bios thinkpad_t540p thinkpad_yoga_14_460_s3 thinkpad_w540 thinkpad_w550s thinkpad_s540_bios thinkpad_11e_beema_bios thinkpad_s1_yoga_12 thinkpad_t460p_bios thinkpad_x1_carbon_20ax_bios thinkpad_edge_e440 thinkpad_11e_skylake_bios thinkpad_x1_yoga thinkpad_t540_bios thinkpad_helix_20ch windows_8.1 thinkpad_l460 thinkpad_s1_yoga_vpro_bios thinkpad_t540p_bios thinkpad_e565 thinkpad_x1_carbon_20bx_bios thinkpad_l560_bios thinkpad_x240 thinkpad_p50 thinkpad_11e_braswell_bios thinkpad_x240s thinkpad_edge_e540 thinkpad_t440s thinkpad_yoga_11e_skylake_bios thinkpad_p50s thinkpad_edge_e445_bios thinkpad_e550c_bios thinkpad_11e_broadwell thinkpad_e555 thinkpad_tablet_8_bios thinkpad_x1_carbon_bios thinkpad_s540 thinkpad_l450 thinkpad_w540_bios thinkpad_t440s_bios thinkpad_e555_bios thinkpad_e460_bios thinkpad_l460_bios thinkpad_x250_sharkbay_bios thinkpad_l540_bios thinkpad_t460s_bios thinkpad_s5_e560p_bios thinkpad_yoga_11e thinkpad_tablet_10_bios thinkpad_t440u_bios thinkpad_helix_20ch_bios thinkpad_x240s_bios thinkpad_s5_yoga_15 thinkpad_l450_bios thinkpad_yoga_11e_broadwell_bios thinkpad_x1_tablet_bios thinkpad_11e_beema thinkpad_x260 thinkpad_w541_bios thinkpad_s5_yoga_15_bios thinkpad_yoga_260_s1 thinkpad_e465_bios thinkpad_edge_e545_bios thinkpad_13e thinkpad_t440u thinkpad_e450 thinkpad_edge_e440_bios thinkpad_l440_bios thinkpad_e560 thinkpad_t550 thinkpad_helix_20cg thinkpad_tablet_8 thinkpad_e550_bios windows_7 thinkpad_tablet_10 thinkpad_s1_yoga_vpro thinkpad_s5_e560p thinkpad_p70_bios thinkpad_x140e_amd_bios thinkpad_l440 thinkpad_x140e_amd thinkpad_w541 thinkpad_e455_bios thinkpad_e550c thinkpad_x1_carbon_20ax thinkpad_t440p_bios thinkpad_t460_bios thinkpad_edge_e545 thinkpad_11e_braswell thinkpad_yoga_260_s1_bios thinkpad_w550s_bios thinkpad_x1_yoga_bios thinkpad_t560 thinkpad_edge_e540_bios thinkpad_p70 thinkpad_11e_skylake thinkpad_yoga_14_460_s3_bios thinkpad_edge_e445 thinkpad_t450s_bios thinkpad_helix_20cg_bios thinkpad_e550 thinkpad_t440p thinkpad_x1_tablet thinkpad_s3_yoga_14_bios thinkpad_x260_bios thinkpad_10_ella_2 thinkpad_yoga_11e_braswell_bios thinkpad_t460p thinkpad_s1_yoga_12_bios thinkpad_t450_bios thinkpad_11e_broadwell_bios thinkpad_x1_carbon_20bx thinkpad_x250_broadwell_bios thinkpad_x1_carbon thinkpad_e560_bios thinkpad_e565_bios thinkpad_t460 thinkpad_s3_s440_bios thinkpad_t440_bios thinkpad_10_ella_2_bios thinkpad_e460 thinkpad_s3_s440 thinkpad_yoga_11e_bios thinkpad_e465 ThinkPad Active Protection System

Matching Score-8

Assigner-Lenovo Group Ltd.

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.91%

7 Day CHG~0.00%

Published-18 Aug, 2017 | 19:00

Updated-13 May, 2026 | 00:24

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

Vendor-Microsoft Corporation Lenovo Group Limited

CVE-2017-3007

Matching Score-8

Matching Score-8