Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-1373

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Jul, 2020 | 22:54
Updated At-04 Aug, 2024 | 06:32
Rejected At-
Credits

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Jul, 2020 | 22:54
Updated At:04 Aug, 2024 | 06:32
Rejected At:
â–¼CVE Numbering Authority (CNA)

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 2004 for 32-bit Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 2004 for ARM64-based Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 2004 for x64-based Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 2004 (Server Core installation)
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows
Versions
Affected
  • 10 Version 1803 for 32-bit Systems
  • 10 Version 1803 for x64-based Systems
  • 10 Version 1803 for ARM64-based Systems
  • 10 Version 1809 for 32-bit Systems
  • 10 Version 1809 for x64-based Systems
  • 10 Version 1809 for ARM64-based Systems
  • 10 Version 1709 for 32-bit Systems
  • 10 Version 1709 for x64-based Systems
  • 10 Version 1709 for ARM64-based Systems
  • 10 for 32-bit Systems
  • 10 for x64-based Systems
  • 10 Version 1607 for 32-bit Systems
  • 10 Version 1607 for x64-based Systems
  • 7 for 32-bit Systems Service Pack 1
  • 7 for x64-based Systems Service Pack 1
  • 8.1 for 32-bit systems
  • 8.1 for x64-based systems
  • RT 8.1
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server
Versions
Affected
  • 2019
  • 2019 (Core installation)
  • 2016
  • 2016 (Core installation)
  • 2008 for 32-bit Systems Service Pack 2
  • 2008 for 32-bit Systems Service Pack 2 (Core installation)
  • 2008 for x64-based Systems Service Pack 2
  • 2008 for x64-based Systems Service Pack 2 (Core installation)
  • 2008 R2 for x64-based Systems Service Pack 1
  • 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
  • 2012
  • 2012 (Core installation)
  • 2012 R2
  • 2012 R2 (Core installation)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1909 for 32-bit Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1909 for x64-based Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1909 for ARM64-based Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1909 (Server Core installation)
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for 32-bit Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for x64-based Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1903 for ARM64-based Systems
Versions
Affected
  • unspecified
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server, version 1903 (Server Core installation)
Versions
Affected
  • unspecified
Problem Types
TypeCWE IDDescription
textN/AElevation of Privilege
Type: text
CWE ID: N/A
Description: Elevation of Privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Jul, 2020 | 23:15
Updated At:21 Jul, 2021 | 11:39

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1373
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2313Records found
CVE-2022-21994
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.42%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_server_2019windows_10Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-21885
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.37%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-22034
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 70.27%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CWE ID-CWE-416
Use After Free
CVE-2024-38184
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.68%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-21838
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 63.98%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cleanup Manager Elevation of Privilege Vulnerability

Windows Cleanup Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21871
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.45% / 63.31%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_10_21h1windows_serverwindows_server_2016windows_10_1507visual_studio_2019windows_11_21h2windows_10_1909windows_10_20h2visual_studio_2017windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows Server 2016Windows 10 Version 20H2Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019
CVE-2022-21882
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-89.43% / 99.53%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-30 Oct, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-02-18||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_10_1909windows_10_21h1windows_10_21h2windows_server_2022windows_10_1809windows_server_2019windows_server_20h2windows_10_20h2Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 21H2Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Win32k
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21887
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.46% / 63.76%
||
7 Day CHG-0.01%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11Windows 11 version 21H2
CVE-2022-21873
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.57% / 68.12%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tile Data Repository Elevation of Privilege Vulnerability

Tile Data Repository Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-21916
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.09% / 83.73%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-21910
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.31%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2019windows_server_2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows Server 2016
CVE-2022-21852
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.18%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_server_2019windows_10Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-22043
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 67.56%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2022-21836
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 68.70%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Certificate Spoofing Vulnerability

Windows Certificate Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-21861
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.31% / 54.02%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Task Flow Data Engine Elevation of Privilege Vulnerability

Task Flow Data Engine Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_server_2019windows_10Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-21884
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.68%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CVE-2024-36358
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.80%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 21:21
Updated-23 Oct, 2025 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncTrend Micro IncorporatedMicrosoft Corporation
Product-unixlinux_kerneldeep_security_agentwindowsTrend Micro Deep Security Agentdeep_security_agent
CWE ID-CWE-1106
Insufficient Use of Symbolic Constants
CVE-2022-21879
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.03% / 76.98%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2019windows_10windows_server_2016Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 20H2
CVE-2022-21870
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.57% / 68.12%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2025-57836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 00:00
Updated-30 Jan, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.

Action-Not Available
Vendor-n/aSamsungMicrosoft Corporation
Product-magicianwindowsn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-21833
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.70%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Virtual Machine IDE Drive Elevation of Privilege Vulnerability

Virtual Machine IDE Drive Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-21999
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-61.60% / 98.28%
||
7 Day CHG-9.77%
Published-09 Feb, 2022 | 16:36
Updated-30 Oct, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_10_21h2windows_10_1809windows_server_2022windows_rt_8.1windows_8.1windows_10_1507windows_10_1909windows_server_2008windows_10_21h1windows_10_20h2windows_10_1607windows_server_20h2windows_server_2019windows_11_21h2windows_server_2016Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 7Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2022Windows Server 2019Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 20H2Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server version 20H2Windows
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-22001
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.48%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2022-21996
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.24%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11Windows 11 version 21H2
CVE-2022-21875
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.57% / 68.12%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage Elevation of Privilege Vulnerability

Windows Storage Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_serverwindows_server_2012windows_8.1windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2019-3652
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-5||MEDIUM
EPSS-0.12% / 31.17%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 14:21
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ENS code injection in EPSetup.exe

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsendpoint_securityMcAfee Endpoint Security (ENS)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-41244
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.19%
||
7 Day CHG-0.04%
Published-29 Sep, 2025 | 16:09
Updated-06 Nov, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-11-20||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationBroadcom Inc.Debian GNU/LinuxVMware (Broadcom Inc.)
Product-toolstelco_cloud_infrastructureopen_vm_toolswindowsdebian_linuxaria_operationscloud_foundation_operationslinux_kernelcloud_foundationtelco_cloud_platformVMware Cloud FoundationVMware Telco Cloud InfrastructureVCF operationsVMware Aria OperationsVMware toolsVMware Telco Cloud PlatformVMware Aria Operations and VMware Tools
CWE ID-CWE-267
Privilege Defined With Unsafe Actions
CVE-2022-1316
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.05%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 20:05
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation

Action-Not Available
Vendor-zerotierzerotierMicrosoft Corporation
Product-windowszerotieronezerotier/zerotierone
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-4015
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-0883
Matching Score-8
Assigner-Snow Software
ShareView Details
Matching Score-8
Assigner-Snow Software
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.97%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:37
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Unquoted/Trusted Service Paths

SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.

Action-Not Available
Vendor-snowsoftwareSNOWMicrosoft Corporation
Product-snow_license_managerwindowsSnow License Manager
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-0483
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.64%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to insecure folder permissions

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsvss_doctorAcronis VSS Doctor
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-42300
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6||MEDIUM
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Sphere Tampering Vulnerability

Azure Sphere Tampering Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sphereAzure Sphere
CVE-2022-0016
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.04% / 11.96%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 18:10
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.

Action-Not Available
Vendor-Apple Inc.Palo Alto Networks, Inc.Microsoft Corporation
Product-globalprotectwindowsmacosGlobalProtect App
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-0017
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7||HIGH
EPSS-0.04% / 11.94%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 18:10
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Microsoft Corporation
Product-globalprotectwindowsGlobalProtect App
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-45441
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.22%
||
7 Day CHG~0.00%
Published-08 Jan, 2022 | 15:51
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex One
CWE ID-CWE-346
Origin Validation Error
CVE-2021-45440
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-08 Jan, 2022 | 15:51
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-36631
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.92%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 14:34
Updated-23 Oct, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_agentwindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-35201
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.09%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft Corporation
Product-windowsserver_debug_and_provisioning_toolIntel(R) SDP Tool for Windows softwaresdp_software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-45231
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-08 Jan, 2022 | 15:51
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-43883
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.27% / 92.56%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-44204
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.49%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation via named pipe due to improper access control checks

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowstrue_imageagentAcronis Cyber Protect 15Acronis AgentAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-285
Improper Authorization
CVE-2021-43877
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 71.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019asp.net_corevisual_studio_2022Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2022 version 17.1Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)ASP.NET Core 5.0Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)ASP.NET Core 3.1Microsoft Visual Studio 2022 version 17.0ASP.NET Core 6.0
CVE-2021-43326
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.54% / 81.06%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-36632
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 13:56
Updated-21 Oct, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_agentwindowsAgent
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43245
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.01%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital TV Tuner Elevation of Privilege Vulnerability

Windows Digital TV Tuner Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1windows_7windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1
CVE-2025-36633
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 14:21
Updated-23 Oct, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.

Action-Not Available
Vendor-Tenable, Inc.Microsoft Corporation
Product-nessus_agentwindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-43247
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.70% / 71.65%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Driver Elevation of Privilege Vulnerability

Windows TCP/IP Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 21H2Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43325
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.87%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 06:14
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

Action-Not Available
Vendor-automoxn/aMicrosoft Corporation
Product-windowsautomoxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43248
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.29%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital Media Receiver Elevation of Privilege Vulnerability

Windows Digital Media Receiver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-43238
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.42%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Elevation of Privilege Vulnerability

Windows Remote Access Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 46
  • 47
  • Next
Details not found