Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-35899

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Jul, 2022 | 16:14
Updated At-03 Aug, 2024 | 09:44
Rejected At-
Credits

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Jul, 2022 | 16:14
Updated At:03 Aug, 2024 | 09:44
Rejected At:
▼CVE Numbering Authority (CNA)

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/AngeloPioAmirante/CVE-2022-35899
x_refsource_MISC
https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html
x_refsource_MISC
https://www.exploit-db.com/exploits/50985
x_refsource_MISC
Hyperlink: https://github.com/AngeloPioAmirante/CVE-2022-35899
Resource:
x_refsource_MISC
Hyperlink: https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html
Resource:
x_refsource_MISC
Hyperlink: https://www.exploit-db.com/exploits/50985
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/AngeloPioAmirante/CVE-2022-35899
x_refsource_MISC
x_transferred
https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html
x_refsource_MISC
x_transferred
https://www.exploit-db.com/exploits/50985
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/AngeloPioAmirante/CVE-2022-35899
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/50985
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Jul, 2022 | 17:15
Updated At:06 Oct, 2022 | 18:37

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ASUS (ASUSTeK Computer Inc.)
asus
>>aura_ready_game_software_development_kit>>1.0.0.4
cpe:2.3:a:asus:aura_ready_game_software_development_kit:1.0.0.4:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-428Primarynvd@nist.gov
CWE ID: CWE-428
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/AngeloPioAmirante/CVE-2022-35899cve@mitre.org
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.htmlcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/50985cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/AngeloPioAmirante/CVE-2022-35899
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/50985
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2419Records found
CVE-2026-42989
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.52%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:06
Updated-11 Jun, 2026 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Winlogon Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2012windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2025 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 22H2Windows 11 version 23H2Windows Server 2012Windows 11 version 26H1Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2019
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-45487
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 17.17%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:04
Updated-11 Jun, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2025windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows 10 Version 22H2Windows 11 version 23H2Windows 11 Version 25H2Windows 11 version 26H1Windows 11 Version 23H2Windows Server 2022Windows 10 Version 21H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-45586
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:05
Updated-11 Jun, 2026 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2012windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2025 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 22H2Windows 11 version 23H2Windows Server 2012Windows 11 version 26H1Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2019
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-45592
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:05
Updated-11 Jun, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Internet (wininet.dll) Elevation of Privilege Vulnerability

Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2012windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2025 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 22H2Windows 11 version 23H2Windows Server 2012 R2Windows 11 version 26H1Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2019
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-416
Use After Free
CVE-2025-0320
Matching Score-8
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Citrix Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.07% / 22.02%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 13:25
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft Corporation
Product-secure_access_clientwindowsSecure Access Client for Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-28819
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 10.37%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-ftlwindowsTIBCO FTL - Community EditionTIBCO FTL - Enterprise EditionTIBCO FTL - Developer Edition
CWE ID-CWE-863
Incorrect Authorization
CVE-2015-2387
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-24.68% / 96.26%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 22:00
Updated-22 Apr, 2026 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012windows_server_2003n/aATM Font Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1733
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.62%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-19 Nov, 2024 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sysinternals PsExec Elevation of Privilege Vulnerability

Sysinternals PsExec Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-psexecPsExec
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-41092
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:05
Updated-11 Jun, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Kinect Elevation of Privilege Vulnerability

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2012windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2025 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows 11 Version 26H1Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 22H2Windows 11 version 23H2Windows Server 2012Windows 11 version 26H1Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2019
CWE ID-CWE-284
Improper Access Control
CVE-2026-42829
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:05
Updated-11 Jun, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Administrator Protection Secure Feature Bypass Vulnerability

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_26h1windows_11_25h2windows_11_24h2Windows 11 Version 24H2Windows 11 Version 25H2Windows 11 version 26H1
CWE ID-CWE-284
Improper Access Control
CVE-2026-42980
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.97%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:06
Updated-11 Jun, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NT OS Kernel Elevation of Privilege Vulnerability

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2012windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2025 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2025Windows 11 Version 26H1Windows 10 Version 1809Windows 11 Version 25H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 22H2Windows 11 version 23H2Windows Server 2012Windows 11 version 26H1Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2019
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-42983
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:06
Updated-11 Jun, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2025windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows 10 Version 22H2Windows 11 version 23H2Windows 10 Version 1809Windows 11 Version 25H2Windows 11 version 26H1Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2019
CWE ID-CWE-416
Use After Free
CVE-2026-44809
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:06
Updated-11 Jun, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_26h1windows_server_2025windows_11_25h2windows_11_24h2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows 11 Version 25H2Windows 11 version 26H1
CWE ID-CWE-416
Use After Free
CVE-2026-44810
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.06% / 18.53%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:06
Updated-11 Jun, 2026 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_server_2022windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows 11 version 23H2Windows 11 Version 25H2Windows 11 version 26H1Windows 11 Version 23H2Windows Server 2022
CWE ID-CWE-287
Improper Authentication
CVE-2015-2291
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.61% / 90.53%
||
7 Day CHG~0.00%
Published-09 Aug, 2017 | 18:00
Updated-22 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-03||Apply updates per vendor instructions.

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-ethernet_diagnostics_driver_iqvw64.sysethernet_diagnostics_driver_iqvw32.syswindowsn/aEthernet Diagnostics Driver for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-9950
Matching Score-8
Assigner-Forescout Technologies
ShareView Details
Matching Score-8
Assigner-Forescout Technologies
CVSS Score-8.5||HIGH
EPSS-2.39% / 85.34%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:40
Updated-17 Oct, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abuse of Unauthenticated Compliance Recheck in SecureConnector

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory.

Action-Not Available
Vendor-Forescout Technologies, Inc.Microsoft Corporation
Product-secureconnectorwindowsSecureConnector
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CVE-2002-0051
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 74.99%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-667
Improper Locking
CVE-2021-28818
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:15
Updated-17 Sep, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Rendezvous Windows Platform Artifact Search vulnerability

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.

Action-Not Available
Vendor-Microsoft CorporationTIBCO (Cloud Software Group, Inc.)
Product-windowsrendezvousTIBCO Rendezvous Developer EditionTIBCO Rendezvous
CVE-2021-28460
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.39% / 60.20%
||
7 Day CHG-0.14%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Sphere Unsigned Code Execution Vulnerability

Azure Sphere Unsigned Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sphereAzure Sphere
CVE-2021-28349
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.82%
||
7 Day CHG-0.09%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI+ Remote Code Execution Vulnerability

Windows GDI+ Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-28321
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.85% / 75.35%
||
7 Day CHG-0.23%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2001-1238
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 67.01%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2021-28320
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.48%
||
7 Day CHG-0.18%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-28310
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-53.95% / 98.06%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-30 Oct, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_1909windows_10_1909windows_server_2004windows_10_1809windows_server_2019windows_10_2004windows_server_20h2windows_10_20h2windows_10_1803Windows 10 Version 1803Windows Server 2019Windows 10 Version 2004Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 20H2Windows Server, version 1909 (Server Core installation)Windows 10 Version 1909Windows Server version 2004Win32k
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.

Action-Not Available
Vendor-fabasoftn/afabasoftMicrosoft Corporation
Product-windowsfolio_\/_egov-suitecloudcloud_enterprise_clientn/acloud_enterprise_client
CVE-2021-26880
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.74%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:41
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-27064
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-15 Aug, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Installer Elevation of Privilege Vulnerability

Visual Studio Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
CVE-2021-26441
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.07%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-26434
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 63.42%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-27072
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.26% / 49.74%
||
7 Day CHG-0.09%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-26862
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.34% / 56.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:37
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26875
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:39
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-43207
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.30%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26873
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 41.51%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:39
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26887
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.97%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:42
Updated-24 Feb, 2026 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26872
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 58.21%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:39
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26431
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.11%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Recovery Environment Agent Elevation of Privilege Vulnerability

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CVE-2021-27088
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.17%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-27086
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.53%
||
7 Day CHG-0.02%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Services and Controller App Elevation of Privilege Vulnerability

Windows Services and Controller App Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-26889
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.41%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:42
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-26677
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.90%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 18:06
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.

Action-Not Available
Vendor-n/aMicrosoft CorporationAruba Networks
Product-windowsclearpass_policy_managerAruba ClearPass Policy Manager
CVE-2021-26429
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-0.60% / 69.95%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Sphere Elevation of Privilege Vulnerability

Azure Sphere Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sphereAzure Sphere
CVE-2021-26899
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.64%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:43
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows UPnP Device Host Elevation of Privilege Vulnerability

Windows UPnP Device Host Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26860
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.55%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:36
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows App-V Overlay Filter Elevation of Privilege Vulnerability

Windows App-V Overlay Filter Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2021-42107
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-7553
Matching Score-8
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-8
Assigner-MongoDB, Inc.
CVSS Score-7.3||HIGH
EPSS-0.22% / 45.02%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 09:57
Updated-19 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Accessing Untrusted Directory May Allow Local Privilege Escalation

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue

Action-Not Available
Vendor-MongoDB, Inc.Microsoft Corporation
Product-windows_server_2016windows_10_1803windows_11_22h2windows_10_1507windows_11_21h2c_driverwindows_10_21h1windows_11_23h2windows_10_1511mongodbwindows_10_21h2windows_10_1809windows_10_1709windows_10_2004php_driverwindows_10_1903windows_10_1909windows_11windows_10_22h2windows_10_20h2windows_server_2022windows_10_1703windows_server_2019windows_10_1607MongoDB PHP DriverMongoDB ServerMongoDB C Driver
CWE ID-CWE-284
Improper Access Control
CVE-2021-42280
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.24%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Feedback Hub Elevation of Privilege Vulnerability

Windows Feedback Hub Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-6773
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 14:37
Updated-06 Aug, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges

Action-Not Available
Vendor-n/aMicrosoft CorporationSplunk LLC (Cisco Systems, Inc.)
Product-windowssplunkn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-26898
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:43
Updated-19 Nov, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-26415
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-11.47% / 93.77%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 48
  • 49
  • Next
Details not found