Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21705

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Feb, 2023 | 19:32
Updated At-01 Jan, 2025 | 00:40
Rejected At-
Credits

Microsoft SQL Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Feb, 2023 | 19:32
Updated At:01 Jan, 2025 | 00:40
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft SQL Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2012 Service Pack 4 (QFE)
Platforms
  • 32-bit Systems
Versions
Affected
  • From 11.0.0 before 11.0.7512.11 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
Platforms
  • x64-based Systems
Versions
Affected
  • From 11.0.0 before 11.0.7512.11 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2017 (GDR)
Platforms
  • x64-based Systems
Versions
Affected
  • From 14.0.0 before 14.0.2047.8 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2014 Service Pack 3 (GDR)
Platforms
  • x64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 12.0.0 before 12.0.6444.4 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2014 Service Pack 3 (CU 4)
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 12.0.0 before 12.0.6174.8 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2019 (GDR)
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0 before 15.0.2101.7 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2016 Service Pack 3 (GDR)
Platforms
  • x64-based Systems
Versions
Affected
  • From 13.0.0 before 13.0.6430.49 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
Platforms
  • x64-based Systems
Versions
Affected
  • From 13.0.0 before 13.0.7024.30 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2017 (CU 31)
Platforms
  • x64-based Systems
Versions
Affected
  • From 14.0.0 before 14.0.3460.9 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2022 (GDR)
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.1050.5 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SQL Server 2019 (CU 18)
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0 before 15.0.4280.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-321CWE-321: Use of Hard-coded Cryptographic Key
Type: CWE
CWE ID: CWE-321
Description: CWE-321: Use of Hard-coded Cryptographic Key
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Feb, 2023 | 20:15
Updated At:29 May, 2024 | 03:15

Microsoft SQL Server Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>sql_server>>2012
cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sql_server>>2014
cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sql_server>>2016
cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>sql_server>>2017
cpe:2.3:a:microsoft:sql_server:2017:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>sql_server>>2019
cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>sql_server>>2022
cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-321Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-321
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

413Records found
CVE-2022-41062
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.27% / 84.01%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CVE-2022-41038
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.43% / 89.79%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CVE-2023-24907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.46% / 87.09%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-40231
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.14%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 18:22
Updated-12 Mar, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition improper access control

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator Standard Edition
CVE-2023-24886
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-24926
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.83% / 85.65%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-40232
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.29%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 17:44
Updated-12 Mar, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator Standard Edition improper access control

IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator Standard Edition
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-38034
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.01% / 91.11%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Workstation Service Elevation of Privilege Vulnerability

Windows Workstation Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-38009
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.73% / 89.00%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:42
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CVE-2022-37975
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.36% / 89.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Group Policy Elevation of Privilege Vulnerability

Windows Group Policy Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2023-24929
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-37961
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-43.04% / 97.40%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:42
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CVE-2022-38045
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.32% / 89.66%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Service Elevation of Privilege Vulnerability

Windows Server Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2022-38053
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-52.44% / 97.84%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CVE-2022-37976
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-8.34% / 91.95%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Certificate Services Elevation of Privilege Vulnerability

Active Directory Certificate Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CVE-2022-38008
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.73% / 89.00%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:42
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019SharePoint Server Subscription Edition Language PackMicrosoft SharePoint Server Subscription Edition
CVE-2025-47166
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.47% / 87.11%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-36564
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.46%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:05
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

Action-Not Available
Vendor-strawberryperln/aMicrosoft Corporation
Product-windowsstrawberryperln/a
CVE-2022-35841
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.35% / 91.33%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:42
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Enterprise App Management Service Remote Code Execution Vulnerability

Windows Enterprise App Management Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows 11 version 21H2Windows 10 Version 20H2Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows Server 2019
CVE-2023-24924
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.83% / 85.65%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-28 Feb, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-34691
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 78.24%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:51
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Domain Services Elevation of Privilege Vulnerability

Active Directory Domain Services Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_8.1windows_server_2012windows_7windows_11windows_rt_8.1windows_server_2008windows_server_2016windows_10windows_server_2022windows_server_2019Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server 2019 (Server Core installation)Windows 8.1Windows Server version 20H2Windows 10 Version 1809Windows 7 Service Pack 1Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1507Windows Server 2008 Service Pack 2Windows 10 Version 20H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 7Windows 10 Version 1607Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2019Windows Server 2022Windows Server 2012Windows Server 2016 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-47163
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.88% / 82.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47954
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.41%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-28 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2022 for x64-based Systems (CU 20)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47172
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.50%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.54% / 66.66%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 06:30
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Action-Not Available
Vendor-Docker, Inc.Hitachi, Ltd.Microsoft Corporation
Product-dockerwindowsraid_manager_storage_replication_adapterRAID Manager Storage Replication Adapter
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-34700
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.02%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 18:41
Updated-11 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics CRM (on-premises) 9.1Microsoft Dynamics CRM (on-premises) 9.0
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-47995
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-18 Jul, 2025 | 17:04
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Machine Learning Elevation of Privilege Vulnerability

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-1390
Weak Authentication
CVE-2020-1504
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-15.79% / 94.47%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-excelMicrosoft Excel 2010 Service Pack 2
CVE-2022-30157
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.83% / 92.68%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2013 Service Pack 1
CVE-2022-30158
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.50% / 92.53%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2013 Service Pack 1
CVE-2022-30165
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-6.87% / 91.00%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 21:52
Updated-24 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows 11 version 21H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server version 20H2Windows Server 2022Windows 10 Version 20H2Windows 10 Version 1607
CVE-2020-27694
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-8.8||HIGH
EPSS-1.11% / 77.29%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 23:10
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsinterscan_messaging_security_virtual_applianceTrend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
CVE-2015-2360
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.87% / 90.22%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2003windows_server_2012windows_8.1n/aWin32k
CWE ID-CWE-416
Use After Free
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-3928
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-8.7||HIGH
EPSS-16.24% / 94.56%
||
7 Day CHG+1.83%
Published-25 Apr, 2025 | 15:56
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-19||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Commvault Web Server unspecified vulnerability

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationCommvault Systems, Inc.
Product-linux_kernelwindowscommvaultWeb ServerWeb Server
CVE-2023-22663
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 46.26%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-287
Improper Authentication
CVE-2020-25967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.93%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 21:07
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.

Action-Not Available
Vendor-fastadminn/aMicrosoft Corporation
Product-windowsfastadminn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-29108
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.83% / 87.70%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server Subscription Edition
CVE-2022-29376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 20:16
Updated-15 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.

Action-Not Available
Vendor-n/aApache FriendsMicrosoft Corporation
Product-xamppwindowsn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-29129
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.62% / 93.99%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-29137
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.99% / 92.76%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2023-21744
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.25% / 83.92%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21707
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-66.17% / 98.46%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21695
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-21684
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.29% / 86.71%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-12 Apr, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2008 R2 Service Pack 1Windows Server 2022Windows 10 Version 1607Windows Server 2012 R2Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows Server 2012Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 version 22H2
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2015-0242
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-3.27% / 86.66%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 15:29
Updated-06 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupDebian GNU/LinuxMicrosoft Corporation
Product-windowsdebian_linuxpostgresqlPostgreSQL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21727
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.83% / 85.65%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Procedure Call Runtime Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-29131
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-11.96% / 93.51%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-29141
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.65% / 92.59%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2022-29128
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.62% / 93.99%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2020-17158
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-11.97% / 93.51%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Dynamics 365 for Finance and Operations
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found