Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21725

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Jan, 2023 | 00:00
Updated At-01 Jan, 2025 | 00:35
Rejected At-
Credits

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Jan, 2023 | 00:00
Updated At:01 Jan, 2025 | 00:35
Rejected At:
▼CVE Numbering Authority (CNA)
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows Malicious Software Removal Tool
Platforms
  • x64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 5.0.0 before 5.109.19957.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-59CWE-59: Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: CWE-59: Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Jan, 2023 | 22:15
Updated At:29 May, 2024 | 03:15

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>windows_malicious_software_removal_tool>>Versions before 5.109(exclusive)
cpe:2.3:a:microsoft:windows_malicious_software_removal_tool:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE-59Secondarysecure@microsoft.com
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-59
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21725
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

533Records found
CVE-2024-43470
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.62% / 68.95%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_network_watcher_agentAzure Network Watcher VM Extension
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-0099
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-56.54% / 98.02%
||
7 Day CHG+0.37%
Published-08 Jan, 2007 | 20:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-xml_core_servicesinternet_explorern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-43551
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.70% / 71.01%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage Elevation of Privilege Vulnerability

Windows Storage Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 1607Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 21H2Windows 11 version 22H3
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-43467
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.31%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5181
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-gfin/aMicrosoft Corporation
Product-vipre_antiviruswindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-43501
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 10 Version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2006-2094
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-34.91% / 96.89%
||
7 Day CHG~0.00%
Published-29 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-37969
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.72% / 71.53%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

Action-Not Available
Vendor-Google LLCMicrosoft CorporationFedora ProjectDebian GNU/Linux
Product-chromewindowsfedoradebian_linuxChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-36928
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6||MEDIUM
EPSS-1.31% / 78.99%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 17:20
Updated-18 Nov, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-37712
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.02% / 4.39%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.

Action-Not Available
Vendor-npmjsnpmDebian GNU/LinuxOracle CorporationMicrosoft CorporationSiemens AG
Product-sinec_infrastructure_network_servicesdebian_linuxgraalvmwindowstarnode-tar
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-49123
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.37% / 57.98%
||
7 Day CHG+0.09%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_10_1809windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_10_22h2windows_server_2022windows_server_2022_23h2windows_server_2019Windows 10 Version 22H2Windows Server 2019Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2025Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-3641
Matching Score-6
Assigner-Bitdefender
ShareView Details
Matching Score-6
Assigner-Bitdefender
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:10
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921)

Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.

Action-Not Available
Vendor-BitdefenderMicrosoft Corporation
Product-windowsgravityzoneGravityZone
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2005-3240
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-10.23% / 92.84%
||
7 Day CHG~0.00%
Published-14 Feb, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-36744
Matching Score-6
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-6
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.53%
||
7 Day CHG~0.00%
Published-06 Sep, 2021 | 11:37
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-maximum_security_2019maximum_security_2021windowsmaximum_security_2020security_for_best_buyTrend Micro Security (Consumer)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38191
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.51%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2012-1868
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.50% / 65.14%
||
7 Day CHG~0.00%
Published-12 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-38137
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.17% / 38.07%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-38136
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 39.38%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-38081
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.56% / 67.10%
||
7 Day CHG-0.02%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_server_2022.net_frameworkwindows_11_23h2windows_10_21h2windows_10_1809visual_studio_2022.netwindows_10_22h2windows_11_22h2windows_server_2019windows_10_1607Microsoft Visual Studio 2022 version 17.6Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2022 version 17.4Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.6.2Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 4.8Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.6/4.6.2Microsoft Visual Studio 2022 version 17.8Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5.NET 6.0
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-49115
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.36% / 57.49%
||
7 Day CHG+0.09%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2025windows_server_2022windows_server_2022_23h2windows_server_2019Windows Server 2019Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-38022
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.46% / 62.92%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Image Acquisition Elevation of Privilege Vulnerability

Windows Image Acquisition Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38084
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.23% / 78.32%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OfficePlus Elevation of Privilege Vulnerability

Microsoft OfficePlus Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeplusMicrosoft OfficePLUS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38013
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.44%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Server Backup Elevation of Privilege Vulnerability

Microsoft Windows Server Backup Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38098
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.05% / 76.65%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentAzure Connected Machine Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38097
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Agent Elevation of Privilege Vulnerability

Azure Monitor Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitor_agentAzure Monitor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38188
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_network_watcher_agentAzure Network Watcher VM Extension
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-49129
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.23%
||
7 Day CHG+0.04%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2025windows_server_2022windows_server_2019Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49106
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.24% / 46.84%
||
7 Day CHG+0.06%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Windows Remote Desktop Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2025windows_server_2022windows_server_2019Windows Server 2019Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49128
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.32% / 54.14%
||
7 Day CHG+0.08%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Remote Code Execution Vulnerability

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022windows_server_2025windows_server_2012windows_server_2022_23h2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CVE-2024-49124
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.29% / 51.94%
||
7 Day CHG+0.07%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2016windows_10_1809windows_server_2012windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_server_2022_23h2windows_10_22h2windows_10_1507windows_server_2022windows_10_1607windows_server_2019Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-49122
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.60% / 68.49%
||
7 Day CHG+0.14%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2008windows_server_2016windows_10_1809windows_server_2012windows_11_22h2windows_server_2025windows_11_24h2windows_10_21h2windows_server_2022_23h2windows_10_22h2windows_10_1507windows_server_2022windows_10_1607windows_server_2019Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-31187
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.49% / 80.31%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WalletService Elevation of Privilege Vulnerability

Windows WalletService Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1809Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-35261
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.44%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_network_watcher_agentAzure Network Watcher VM Extension
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-35254
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.87% / 74.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Agent Elevation of Privilege Vulnerability

Azure Monitor Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitor_agentAzure Monitor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-35253
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.78% / 72.73%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure File Sync Elevation of Privilege Vulnerability

Microsoft Azure File Sync Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_file_syncAzure File Sync
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-35255
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:59
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-authentication_libraryazure_identity_sdkAzure Identity Library for .NETAzure Identity Library for JavaScriptAzure Identity Library for JavaMicrosoft Authentication LibraryAzure Identity LibraryAzure Identity Library for PythonAzure Identity Library for C++
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-28321
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.11% / 77.20%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-1257
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-11.57% / 93.36%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-30104
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.78% / 72.66%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office 2016
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-30076
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.69% / 70.74%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:59
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Manager Service Elevation of Privilege Vulnerability

Windows Container Manager Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 21H2Windows Server 2022Windows 11 Version 23H2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2016Windows 11 version 22H2Windows 10 Version 22H2Windows 10 Version 21H2Windows 10 Version 1809Windows 10 Version 1607
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-0754
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-02 Feb, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

Action-Not Available
Vendor-n/aThe PHP GroupMicrosoft Corporation
Product-phpwindowsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-30018
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 71.32%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_server_2022_23h2windows_11_21h2windows_10_1809windows_server_2022windows_11_22h2windows_server_2019windows_11_23h2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows 11 version 22H3Windows 11 version 21H2Windows 10 Version 1809Windows 11 version 22H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-30060
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.96% / 75.57%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 22:40
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Monitor Agent Elevation of Privilege Vulnerability

Azure Monitor Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_monitor_agentAzure Monitor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-5165
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Malware Defender 2.6.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-torchsoftn/aMicrosoft Corporation
Product-windows_xpmalware_defendern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5169
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.03% / 5.78%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-emisoftn/aMicrosoft Corporation
Product-online_armorwindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5174
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Prevx 3.0.5.143 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-prevxn/aMicrosoft Corporation
Product-windows_xpprevxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-26887
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:42
Updated-19 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-5170
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-online-solutionsn/aMicrosoft Corporation
Product-online_solutions_security_suitewindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-30033
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.98% / 75.76%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Search Service Elevation of Privilege Vulnerability

Windows Search Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_server_2022windows_10_22h2Windows 10 Version 21H2Windows 11 version 21H2Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-5182
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in VirusBuster Internet Security Suite 3.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-virusbustern/aMicrosoft Corporation
Product-windows_xpvirusbuster_internet_securit_suiten/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found