Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-12902

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-15 Nov, 2021 | 15:48
Updated At-16 Sep, 2024 | 16:59
Rejected At-
Credits

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:15 Nov, 2021 | 15:48
Updated At:16 Sep, 2024 | 16:59
Rejected At:
▼CVE Numbering Authority (CNA)

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon Software
Versions
Affected
  • From Radeon Software before 20.11.2 (custom)
  • From Radeon Pro Software for Enterprise before 21.Q2 (custom)
Problem Types
TypeCWE IDDescription
textN/ANA
Type: text
CWE ID: N/A
Description: NA
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
x_refsource_MISC
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
x_refsource_MISC
x_transferred
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:15 Nov, 2021 | 16:15
Updated At:12 Jul, 2022 | 17:42

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Advanced Micro Devices, Inc.
amd
>>radeon_software>>Versions before 20.11.2(exclusive)
cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000psirt@amd.com
Vendor Advisory
Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Source: psirt@amd.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2193Records found
CVE-2021-29645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 18:30
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

Action-Not Available
Vendor-n/aHitachi, Ltd.Microsoft Corporation
Product-job_management_partner_1\/it_desktop_management-managerjp1\/it_desktop_management-managerjp1\/it_desktop_management_2-managerjp1\/netm\/dm_managerjp1\/it_desktop_management_2-operations_directorjob_management_partner_1\/remote_control_agentjp1\/netm\/remote_control_featurewindowsjp1\/netm\/dm_client-remote_control_featurejob_management_partner_1\/software_distribution_clientjp1\/netm\/dm_clientjob_management_partner_1\/software_distribution_managerjob_management_partner_1\/it_desktop_management_2-managerit_operations_directorjp1\/remote_control_featuren/a
CVE-2023-20565
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.26%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:54
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_pro_7940hs_firmwareryzen_5_6600h_firmwareryzen_9_pro_7940h_firmwareryzen_7_7800x3d_firmwareryzen_5_pro_7640hs_firmwareryzen_7_7735hs_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_5800hsryzen_3_pro_7330uryzen_5_5500hryzen_5_5600hsryzen_3_5300geryzen_7_5825uryzen_7_5825u_firmwareryzen_5_6600hryzen_9_6980hxryzen_5_5560uryzen_9_7950xryzen_5_pro_7640uryzen_pro_7745ryzen_9_7900xryzen_7_7700xryzen_5_6600hsryzen_9_5900hsryzen_5_pro_7545u_firmwareryzen_7_7700x_firmwareryzen_7_5700gryzen_9_5980hsryzen_3_pro_7440u_firmwareryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_7600ryzen_7_5800h_firmwareryzen_pro_7745_firmwareryzen_9_6900hsryzen_pro_7945_firmwareryzen_pro_7945ryzen_5_5500ryzen_7_pro_7840u_firmwareryzen_3_5400uryzen_pro_3900_firmwareryzen_7_7700_firmwareryzen_9_5980hs_firmwareryzen_7_7735uryzen_3_5300gryzen_5_7600x_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_5_5600ge_firmwareryzen_5_pro_7530uryzen_5_5600hs_firmwareryzen_5_5600h_firmwareryzen_7_pro_7840h_firmwareryzen_7_5700ryzen_9_6900hs_firmwareryzen_3_5400u_firmwareryzen_5_pro_7640u_firmwareryzen_7_6800hs_firmwareryzen_7_pro_7840uryzen_5_7535uryzen_7_7800x3dryzen_9_7900x3d_firmwareryzen_5_5500_firmwareryzen_5_pro_7640hsryzen_5_pro_7640h_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_7535u_firmwareryzen_5_pro_7640hryzen_7_6800uryzen_7_7736uryzen_5_5600gryzen_3_5425u_firmwareryzen_7_7735hsryzen_9_7900x3dryzen_5_5600uryzen_9_pro_7940hryzen_5_pro_7540u_firmwareryzen_pro_7645_firmwareryzen_9_5900hx_firmwareryzen_pro_3900ryzen_5_5600geryzen_9_7900_firmwareryzen_5_7600xryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_9_6980hs_firmwareryzen_7_5700geryzen_3_pro_7440uryzen_7_pro_7840hryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_pro_7645ryzen_5_6600u_firmwareryzen_3_7335uryzen_7_5700g_firmwareryzen_5_7535hs_firmwareryzen_7_5700_firmwareryzen_5_7600_firmwareryzen_7_pro_7840hs_firmwareryzen_7_pro_7840hsryzen_5_7500f_firmwareryzen_5_7535hsryzen_3_5300g_firmwareryzen_5_7500fryzen_7_5800u_firmwareryzen_9_pro_7940hsryzen_7_7736u_firmwareryzen_5_6600hs_firmwareryzen_3_pro_7330u_firmwareryzen_3_5425uryzen_5_pro_7540uryzen_5_5560u_firmwareryzen_3_5100_firmwareryzen_9_5980hx_firmwareryzen_7_5800uryzen_9_5900hxryzen_9_7950x3d_firmwareryzen_5_5600g_firmwareryzen_9_7950x3dryzen_7_7700ryzen_5_5500h_firmwareryzen_5_pro_7545uryzen_3_5100ryzen_7_5800hryzen_7_pro_7730u_firmwareryzen_9_7900ryzen_9_7950x_firmwareryzen_5_pro_7530u_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700ge_firmwareryzen_9_6980hsryzen_7_6800hryzen_9_7900x_firmwareAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD Ryzen™ Embedded V3000Ryzen™ 7000 Series Desktop Processors “Raphael” XD3AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R” Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-3305
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.60%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CVE-2021-28927
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.69%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 14:09
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.

Action-Not Available
Vendor-libretron/aMicrosoft Corporation
Product-retroarchwindowsn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-0631
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632.

Action-Not Available
Vendor-Microsoft Corporation
Product-powershell_corewindows_server_2019windows_10windows_server_2016WindowsPowerShell CoreWindows Server
CVE-2016-3309
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-51.57% / 97.81%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-05||Apply updates per vendor instructions.

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10_1507windows_7windows_server_2008windows_10_1511windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10_1607n/aWindows
CVE-2009-0082
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-10 Mar, 2009 | 20:00
Updated-21 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_vistawindows_server_2008windows_xpwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10128
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.16%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 19:15
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupMicrosoft Corporation
Product-windowspostgresqlpostgresql
CWE ID-CWE-284
Improper Access Control
CVE-2021-28436
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.56%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Runtime Elevation of Privilege Vulnerability

Windows Speech Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-28822
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.86%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability

The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicewindowsTIBCO Enterprise Message ServiceTIBCO Enterprise Message Service - Developer EditionTIBCO Enterprise Message Service - Community Edition
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-28817
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Rendezvous Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-windowsrendezvousTIBCO Rendezvous Developer EditionTIBCO Rendezvous
CVE-2021-28351
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Runtime Elevation of Privilege Vulnerability

Windows Speech Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-28320
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-28310
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-26.52% / 96.13%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_20h2windows_server_2004windows_server_1909windows_10_1909windows_10_2004windows_10_1803windows_server_2019windows_10_1809windows_10_20h2Windows Server version 20H2Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1803Windows Server version 2004Windows Server 2019Windows 10 Version 1909Win32k
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28349
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI+ Remote Code Execution Vulnerability

Windows GDI+ Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28821
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Enterprise Message Service Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicewindowsTIBCO Enterprise Message ServiceTIBCO Enterprise Message Service - Developer EditionTIBCO Enterprise Message Service - Community Edition
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-28440
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28825
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.66%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 16:20
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Messaging - Eclipse Mosquitto Distribution - Core Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-windowsmessaging_-_eclipse_mosquitto_distribution_-_coreTIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise EditionTIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-28313
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.48%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-28315
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 77.41%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Video Decoder Remote Code Execution Vulnerability

Windows Media Video Decoder Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28322
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-28819
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-ftlwindowsTIBCO FTL - Community EditionTIBCO FTL - Enterprise EditionTIBCO FTL - Developer Edition
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-28458
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.91% / 85.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-ms-rest-nodeauth@azure/ms-rest-nodeauth
CVE-2021-27892
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 14:08
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.

Action-Not Available
Vendor-sshn/aMicrosoft Corporation
Product-windowstectia_clienttectia_connectsecuretectia_servern/a
CVE-2024-26176
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-126
Buffer Over-read
CVE-2024-26169
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-26.70% / 96.15%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-07-04||Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Windows Error Reporting Service Elevation of Privilege Vulnerability

Windows Error Reporting Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 1809Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 21H2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-26170
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.96% / 82.75%
||
7 Day CHG-0.05%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_23h2Windows 11 version 22H3Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2021-28314
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.56%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2024-26218
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-32.63% / 96.71%
||
7 Day CHG+9.43%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 version 22H3Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-28460
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.52% / 66.03%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Sphere Unsigned Code Execution Vulnerability

Azure Sphere Unsigned Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sphereAzure Sphere
CVE-2024-26211
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.81% / 90.95%
||
7 Day CHG+2.58%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-26239
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.32%
||
7 Day CHG+0.12%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Server Elevation of Privilege Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28321
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.11% / 77.22%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-28820
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Windows Platform Artifact Search vulnerability

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-ftlwindowsTIBCO FTL - Community EditionTIBCO FTL - Enterprise EditionTIBCO FTL - Developer Edition
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-26237
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.34%
||
7 Day CHG+0.25%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Defender Credential Guard Elevation of Privilege Vulnerability

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 version 22H3Windows Server 2019Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2021-28547
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.87%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:45
Updated-23 Apr, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Creative Cloud for macOS Privilege Escalation Vulnerability

Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-creative_cloud_desktop_applicationwindowsmacosCreative Cloud (desktop component)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-28347
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Speech Runtime Elevation of Privilege Vulnerability

Windows Speech Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2024-26182
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_22h2windows_server_2019windows_10_1607Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809
CWE ID-CWE-416
Use After Free
CVE-2021-28826
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.66%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 16:20
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-windowsmessaging_-_eclipse_mosquitto_distribution_-_bridgeTIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community EditionTIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-26398
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.64%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-09 Apr, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7f32epyc_7551_firmwareepyc_7272_firmwareepyc_7573xepyc_7713pepyc_7443epyc_7513epyc_7232p_firmwareepyc_7702epyc_7453epyc_7373xepyc_7513_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7002epyc_7643_firmwareepyc_7f52epyc_75f3epyc_7373x_firmwareepyc_7001epyc_7f32_firmwareepyc_7743_firmwareepyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7001_firmwareepyc_7343_firmwareepyc_7281epyc_7551epyc_7551pepyc_7313pepyc_7002_firmwareepyc_7551p_firmwareepyc_7601_firmwareepyc_7573x_firmwareepyc_7352epyc_7713_firmwareepyc_7401epyc_7742epyc_7272epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7773xepyc_7003epyc_7261_firmwareepyc_7742_firmwareepyc_7501epyc_7501_firmwareepyc_7301_firmwareepyc_7743epyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7763_firmwareepyc_7313p_firmwareepyc_7252epyc_7502pepyc_7302p_firmwareepyc_7642_firmwareepyc_7h12epyc_7452epyc_7543p_firmwareepyc_7401pepyc_7302epyc_7601epyc_7232pepyc_7663epyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_7371epyc_7f72epyc_7662epyc_7642epyc_7451_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7301epyc_7401p_firmwareepyc_7313epyc_7663_firmwareepyc_7351_firmwareepyc_7251epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7302_firmwareepyc_7763epyc_7402_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f33rd Gen EPYC2nd Gen EPYC1st Gen EPYC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26324
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.72%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 18:27
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7713pepyc_7573xepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7373xepyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7773xepyc_7413_firmwareepyc_72f3epyc_7643epyc_7643_firmwareepyc_7663epyc_7773x_firmwareepyc_75f3epyc_72f3_firmwareepyc_7373x_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7473xepyc_7453_firmwareepyc_7343_firmwareepyc_7473x_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CVE-2021-26862
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.47% / 63.58%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:37
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26872
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:39
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26331
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:09
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7451epyc_7252_firmwareepyc_7282_firmwareepyc_7543_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7551_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7351p_firmwareepyc_7453epyc_7642_firmwareepyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7401pepyc_7281_firmwareepyc_7413_firmwareepyc_7302epyc_7601epyc_7232pepyc_7002epyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7001epyc_7f72epyc_7f32_firmwareepyc_7662epyc_7502epyc_7001_firmwareepyc_75f3_firmwareepyc_7662_firmwareepyc_7f72_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7281epyc_7551epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7401p_firmwareepyc_7002_firmwareepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7763epyc_7302_firmwareepyc_7713_firmwareepyc_7401epyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7003_firmwareepyc_7443p_firmwareepyc_7003epyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareepyc_7351epyc_7313_firmwareepyc_7543pepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_74f3epyc_7352_firmwareepyc_7301_firmwareepyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2023-1017
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-28 Feb, 2023 | 18:02
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TPM2.0 vulnerable to out-of-bounds write

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

Action-Not Available
Vendor-trustedcomputinggroupTrusted Computing GroupMicrosoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_22h2windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2trusted_platform_modulewindows_server_2019windows_10_1607TPM2.0
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26426
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.64% / 69.72%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-18 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows User Account Profile Picture Elevation of Privilege Vulnerability

Windows User Account Profile Picture Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-27090
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.47% / 87.09%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 20H2
CVE-2021-26899
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.11%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:43
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows UPnP Device Host Elevation of Privilege Vulnerability

Windows UPnP Device Host Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26384
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 19:28
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_3200u_firmwareryzen_5_2700x_firmwareryzen_3_3450uryzen_5_5600hathlon_silver_3050u_firmwareryzen_3_3300uryzen_3_3550hryzen_5_5600gryzen_3_5425cryzen_3_5425u_firmwareryzen_5_5600uryzen_5_2500uryzen_9_5980hxryzen_3_3750hryzen_3_2300u_firmwareryzen_7_5800hsryzen_9_5900hx_firmwareryzen_5_5600hsryzen_3_5300geryzen_3_2300uryzen_5_5600geryzen_7_5825uryzen_5_2600xryzen_7_5825u_firmwareryzen_3_3550h_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_7_2700u_firmwareryzen_7_5700geryzen_5_2700ryzen_3_3780u_firmwareryzen_3_5125cryzen_7_2800h_firmwareryzen_5_2700_firmwareryzen_3_3500u_firmwareryzen_3_3700cryzen_5_5560uryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_2500u_firmwareryzen_7_5700g_firmwareryzen_3_2200u_firmwareryzen_9_5900hsryzen_3_2200uryzen_7_2700xryzen_3_3500cryzen_3_3500uryzen_7_5700gryzen_9_5980hsryzen_3_5300g_firmwareryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_3_3200uryzen_7_5825c_firmwareryzen_5_2600ryzen_7_5800h_firmwareryzen_7_2700ryzen_7_2700x_firmwareryzen_5_5625c_firmwareryzen_3_3580u_firmwareathlon_silver_3050uryzen_3_3700u_firmwareryzen_5_2600hryzen_5_5625cryzen_3_5425uryzen_9_5980hx_firmwareryzen_5_5560u_firmwareryzen_7_2700uryzen_3_3750h_firmwareryzen_3_5400uryzen_3_3580uryzen_7_5825cryzen_3_3500c_firmwareryzen_7_5800uryzen_7_2800hryzen_5_2600h_firmwareryzen_3_3700uryzen_9_5900hxryzen_3_3700c_firmwareryzen_3_3250uryzen_5_5600g_firmwareryzen_9_5980hs_firmwareryzen_5_2600x_firmwareryzen_3_5300gathlon_gold_3150u_firmwareryzen_5_5600ge_firmwareryzen_5_5600hs_firmwareryzen_7_2700_firmwareryzen_3_5425c_firmwareathlon_gold_3150uryzen_5_5600h_firmwareryzen_3_3350u_firmwareryzen_5_2700xryzen_7_5800hryzen_3_5400u_firmwareryzen_5_2600_firmwareryzen_3_3780uryzen_3_3250u_firmwareryzen_3_3300u_firmwareryzen_3_3450u_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_7_5700ge_firmwareryzen_3_3350uAthlon™ SeriesRyzen™ Series
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-26878
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.55%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:40
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 43
  • 44
  • Next
Details not found