Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-28401

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-14 Nov, 2023 | 19:04
Updated At-02 Aug, 2024 | 12:38
Rejected At-
Credits

Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:14 Nov, 2023 | 19:04
Updated At:02 Aug, 2024 | 12:38
Rejected At:
▼CVE Numbering Authority (CNA)

Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers
Default Status
unaffected
Versions
Affected
  • before version 31.0.101.4255
Problem Types
TypeCWE IDDescription
N/AN/Aescalation of privilege
CWECWE-787Out-of-bounds write
Type: N/A
CWE ID: N/A
Description: escalation of privilege
Type: CWE
CWE ID: CWE-787
Description: Out-of-bounds write
Metrics
VersionBase scoreBase severityVector
3.15.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html
N/A
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:14 Nov, 2023 | 19:15
Updated At:30 Nov, 2023 | 15:12

Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.15.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches

Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>iris_xe_graphics>>Versions before 31.0.101.4255(exclusive)
cpe:2.3:a:intel:iris_xe_graphics:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>arc_a_graphics>>Versions before 31.0.101.4255(exclusive)
cpe:2.3:a:intel:arc_a_graphics:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondarysecure@intel.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: secure@intel.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.htmlsecure@intel.com
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html
Source: secure@intel.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4832Records found

CVE-2019-1316
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.58%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2024-0819
Matching Score-8
Assigner-TeamViewer Germany GmbH
ShareView Details
Matching Score-8
Assigner-TeamViewer Germany GmbH
CVSS Score-7.3||HIGH
EPSS-0.08% / 24.99%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 14:07
Updated-03 Mar, 2025 | 22:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete protection of personal password settings

Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationTeamViewerLinux Kernel Organization, Inc
Product-remotewindowsmacoslinux_kernelRemote Full ClientRemote Hostremote
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-34711
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.88% / 74.42%
||
7 Day CHG+0.12%
Published-15 Aug, 2022 | 20:30
Updated-02 Jan, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Defender Credential Guard Elevation of Privilege Vulnerability

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 20H2
CVE-2020-1170
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.57%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.

Action-Not Available
Vendor-Microsoft Corporation
Product-security_essentialswindows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_7system_center_endpoint_protectionwindows_10windows_server_2019windows_defenderforefront_endpoint_protection_2010Windows Defender on Windows 10 Version 1909 for ARM64-based SystemsWindows Defender on Windows Server 2008 for Itanium-Based SystemsWindows Defender on Windows 7 for x64-based SystemsWindows Defender on Windows 10 Version 1709 for ARM64-based SystemsWindows Defender on Windows 10 Version 1709 for 32-bit SystemsWindows Defender on Windows 10 Version 1903 for ARM64-based SystemsWindows Defender on Windows Server 2019Windows Defender on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft Security EssentialsWindows Defender on Windows 8.1 for x64-based systemsWindows Defender on Windows 8.1 for 32-bit systemsWindows Defender on Windows 10 Version 1909 for 32-bit SystemsWindows Defender on Windows 10 Version 1809 for x64-based SystemsWindows Defender on Windows 10 Version 1803 for 32-bit SystemsWindows Defender on Windows Server, version 1903 (Server Core installation)Windows Defender on Windows Server 2012 R2Microsoft System CenterWindows Defender on Windows Server 2008 for 32-bit SystemsWindows Defender on Windows 10 Version 1903 for x64-based SystemsWindows Defender on Windows 10 Version 1909 for x64-based SystemsWindows Defender on Windows 10 for 32-bit SystemsWindows Defender on Windows Server 2012 R2 (Server Core installation)Windows Defender on Windows 10 Version 1607 for x64-based SystemsWindows Defender on Windows Server 2008 R2 for Itanium-Based SystemsWindows Defender on Windows Server 2019 (Server Core installation)Windows Defender on Windows Server, version 1909 (Server Core installation)Windows Defender on Windows Server, version 1803 (Server Core Installation)Windows Defender on Windows 10 Version 1809 for 32-bit SystemsWindows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)Windows Defender on Windows Server 2016Windows Defender on Windows 10 Version 1903 for 32-bit SystemsWindows Defender on Windows Server 2008 R2 for x64-based SystemsWindows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)Windows Defender on Windows Server 2012Windows Defender on Windows 10 Version 1709 for x64-based SystemsWindows Defender on Windows 10 Version 1803 for x64-based SystemsWindows Defender on Windows 10 Version 1607 for 32-bit SystemsWindows Defender on Windows 7 for 32-bit SystemsWindows Defender on Windows Server 2016 (Server Core installation)Windows Defender on Windows Server 2012 (Server Core installation)Microsoft Forefront Endpoint ProtectionWindows Defender on Windows RT 8.1Windows Defender on Windows 10 for x64-based SystemsWindows Defender on Windows 10 Version 1803 for ARM64-based Systems
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-1132
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.47%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2019-1278
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-1321
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.68%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-1268
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-1315
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.22% / 90.50%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-05||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2008windows_7windows_8.1windows_rt_8.1windows_10windows_server_2012windows_server_2019Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindowsWindows ServerWindows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-1285
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-11753
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.61%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:13
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsfirefox_esrFirefoxFirefox ESR
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2019-11111
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.25%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 19:04
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-graphics_drivercloud_backupsteelstore_cloud_integrated_storagesolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controllerdata_availability_services2019.2 IPU – Intel(R) Graphics Driver for Windows* and Linux
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-1132
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-29.25% / 96.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:13
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-05||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows ServerWindowsWin32k
CVE-2019-11181
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:38
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hpcr1304wftysrbbs2600bpbhns2600bpb24rhpcr2208wf0zsrr1304wftysrhpcr2208wftzsrr2208wftzsrr2208wf0zsrr1208wftysr1304wf0ysr2224wfqzshns2600bpqbbs2600stqhpcr2312wftzsrhns2600bpbrhpcr2224wftzsrhns2600bpblchpcr2208wftzsrxbbs2600stbr2208wf0zsr2208wftzshns2600bpsrr1208wftysrr2208wftzsrxbbs2600stbrhns2600bpbrxr2312wf0nphns2600bpblcrs2600stbr2224wftzsrr2208wfqzsrr2224wftzsbbs2600bpqrbbs2600stqrr2208wfqzsbbs2600bpshns2600bpshpcr2312wf0nprhns2600bpq24rhns2600bpb24hns2600bps24hns2600bpq24hns2600bpblc24r2312wfqzshpcr1208wftysrs9256wk1hlchpchns2600bpsrbbs2600bpsrr2312wf0nprs2600stbrs2600wftrhns2600bpbhpcr2208wfqzsrs9248wk2hlcr1304wftysbbs2600bpbrs9248wk2hachpcr1208wfqysrhns2600bpblc24rs2600wf0rs2600stqrs9232wk1hlcs2600stqs9232wk2hacr2308wftzss9248wk1hlcs2600wfqrhpcr2308wftzsrr1208wfqysrhpchns2600bpbrr2312wftzsrr2308wftzsrhpcr1304wf0ysrhpchns2600bpqrs2600wf0hns2600bps24rs9232wk2hlchns2600bpqrs2600wfqbbs2600bpqr1304wf0ysrbaseboard_management_controller_firmwares2600wfthns2600bpb24rxr2312wftzsIntel(R) BMC
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0107
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 16:57
Updated-17 Sep, 2024 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-gpu_display_drivervirtual_gpuwindowsteslaquadrocloud_gaminggeforcertxGPU Display Driver, vGPU Software, Cloud Gaming
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-34855
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.54%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_software_suiteIntel(R) NUC Pro Software Suite
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21384
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 23:50
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null characters not escaped in shescape

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

Action-Not Available
Vendor-opengroupshescape_projectericcornelissenMicrosoft Corporation
Product-windowsunixshescapeshescape
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-34848
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.08%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_software_suiteIntel(R) NUC Pro Software Suite
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-1162
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 63.63%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows ALPC Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0206
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 12:56
Updated-17 Apr, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files

Action-Not Available
Vendor-Microsoft CorporationMusarubra US LLC (Trellix)
Product-windowsanti-malware_engineAnti-Malware Engine
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-21912
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)Microsoft Corporation
Product-windowsr-seenetAdvantech
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-33963
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-24 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-unitesoftware installer for Intel(R) Unite(R) Client software for Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-0085
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 26.62%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-19 Aug, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Citrix (Cloud Software Group, Inc.)Canonical Ltd.Microsoft Corporation
Product-ubuntu_linuxazure_stack_hcienterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gamingcloud_gaming_virtual_gpuvirtual_gpu
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-34346
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-media_software_development_kitIntel(R) Media SDK software
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-7811
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.19%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:16
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samsung Update Local Privilege Escalation Vulnerability

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication

Action-Not Available
Vendor-Samsung ElectronicsSamsungMicrosoft Corporation
Product-windowsupdate Samsung Update
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-20532
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.02% / 4.36%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-16 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-spectrum_protect_backup-archive_clientwindowsspectrum_protect_for_virtual_environmentsSpectrum Protect for Virtual Environments
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-34699
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.36% / 91.95%
||
7 Day CHG-2.43%
Published-09 Aug, 2022 | 19:52
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11windows_server_2016windows_10windows_server_2022windows_server_2019Windows 11 version 21H2Windows 10 Version 20H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server version 20H2Windows 10 Version 1809Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2019Windows Server 2022Windows Server 2016 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-2291
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.54% / 84.87%
||
7 Day CHG+0.28%
Published-09 Aug, 2017 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-03||Apply updates per vendor instructions.

(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft Corporation
Product-ethernet_diagnostics_driver_iqvw32.sysethernet_diagnostics_driver_iqvw64.syswindowsn/aEthernet Diagnostics Driver for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-0091
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.54%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingstudioquadro_firmwarenvs_firmwareteslageforcertx
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2019-1027
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.73%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Audio Service Elevation of Privilege Vulnerability

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1803Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1809Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2019Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1709Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019 (Server Core installation)
CVE-2021-20334
Matching Score-8
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-8
Assigner-MongoDB, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 27.75%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 16:45
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation in MongoDB Compass for Windows

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.

Action-Not Available
Vendor-MongoDB, Inc.Microsoft Corporation
Product-compasswindowsMongoDB Compass
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-10128
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.15%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 19:15
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development GroupMicrosoft Corporation
Product-windowspostgresqlpostgresql
CWE ID-CWE-284
Improper Access Control
CVE-2022-34672
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-284
Improper Access Control
CVE-2022-34841
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-media_software_development_kitIntel(R) Media SDK software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1007
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.82%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Audio Service Elevation of Privilege Vulnerability

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1803Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1607Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows 10 Version 1709Windows 10 Version 1703Windows 10 Version 1809
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-5180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 19:01
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)

Action-Not Available
Vendor-sparklabsn/aApple Inc.Microsoft Corporation
Product-windowsmacosviscosityn/a
CVE-2022-34147
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc10i7fnhaa_firmwarecm8i3cb4nnuc10i7fnk_firmwarecm8pcb4r_firmwarenuc10i7fnhc_firmwarenuc8i3pnk_firmwarenuc10i3fnhja_firmwarenuc10i3fnhfnuc10i5fnhnnuc10i7fnhccm8i5cb8n_firmwarenuc9i9qn_firmwarenuc10i5fnknuc8i3pnh_firmwarenuc10i3fnkn_firmwarelapqc71d_firmwarenuc10i5fnhja_firmwarenuc10i7fnkpanuc10i7fnh_firmwarenuc10i3fnhnuc10i5fnkpnuc10i5fnhjnuc10i7fnhnnuc10i3fnkcm8pcb4rnuc10i5fnkpa_firmwarenuc8i3pnknuc10i5fnkpanuc10i3fnk_firmwarenuc10i5fnh_firmwarelapqc71b_firmwarecm8i3cb4n_firmwarenuc10i3fnhncm8i7cb8n_firmwarelapqc71acm8ccb4r_firmwarelapqc71c_firmwarenuc10i7fnhjacm8i7cb8nlapqc71bnuc10i7fnkpa_firmwarenuc9i5qnnuc10i5fnhfnuc10i3fnhfanuc10i5fnhj_firmwarenuc10i7fnkn_firmwarenuc10i5fnhnuc9i7qnlapqc71dnuc10i7fnknnuc10i5fnhca_firmwarenuc10i5fnknnuc10i5fnkp_firmwarenuc10i7fnhnuc8i3pnb_firmwarenuc8i3pnbnuc9i5qn_firmwarenuc10i3fnknnuc10i3fnhfa_firmwarenuc9i7qn_firmwarenuc10i7fnhaanuc10i5fnhf_firmwarenuc8i3pnhnuc10i5fnhn_firmwarenuc10i5fnk_firmwarelapqc71cnuc10i7fnknuc10i7fnkpnuc10i7fnhn_firmwarenuc10i3fnhn_firmwarecm8ccb4rnuc10i5fnkn_firmwarenuc10i3fnhf_firmwarenuc10i7fnkp_firmwarenuc10i3fnhjanuc9i9qnlapqc71a_firmwarenuc10i5fnhjanuc10i5fnhcanuc10i7fnhja_firmwarenuc10i3fnh_firmwarecm8i5cb8nIntel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0124
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 19:07
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_e3-1230_v5core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_e3-1558l_v5core_i7-7660ucore_i7-6600ucore_i7-8706gxeon_e3-1565l_v5_firmwarexeon_e3-1565l_v5xeon_e3-1501l_v6_firmwarexeon_e-2236core_i9-9880h_firmwarecore_i7-8700t_firmwarexeon_e-2236_firmwarexeon_e-2124g_firmwarecore_i7-9700kfxeon_e-2126g_firmwarexeon_e3-1240_v6xeon_e-2254me_firmwarecore_i7-8700core_i7-8665ue_firmwarexeon_e-2276me_firmwarexeon_e3-1220_v5_firmwarecore_i7-8705g_firmwarecore_i7-7700tcore_i7-8086kcore_i7-6600u_firmwarecore_i7-9700core_i7-6770hqcore_i7-8700kcore_i7-6650u_firmwarexeon_e3-1280_v5core_i9-9900kfxeon_e-2226gxeon_e3-1270_v6_firmwarexeon_e3-1285_v6_firmwarecore_i7-10510u_firmwarecore_i7-6822eqxeon_e-2276m_firmwarexeon_e-2134core_i7-6700tecore_i7-6567u_firmwarecore_i7-9700texeon_e3-1501l_v6xeon_e-2226g_firmwarecore_i7-7600uxeon_e3-1285_v6xeon_e-2224xeon_e-2186m_firmwarecore_i7-9700f_firmwarexeon_e3-1225_v6core_i7-8569u_firmwarecore_i7\+8700_firmwarexeon_e-2144g_firmwarecore_i7-10510yxeon_e3-1240l_v5xeon_e3-1225_v5_firmwarexeon_e3-1505l_v6xeon_e-2278gexeon_e-2134_firmwarecore_i7-7600u_firmwarecore_i7-7700hqxeon_e3-1240_v5_firmwarecore_i7-10710u_firmwarecore_i7-7820hkxeon_e3-1245_v5core_i7-6870hqxeon_e3-1558l_v5_firmwarecore_i7-6970hqcore_i7-9700fxeon_e3-1505l_v6_firmwarexeon_e-2136xeon_e-2246gcore_i7-9700kcore_i7-10510ucore_i7-8500y_firmwarexeon_e3-1270_v5_firmwarecore_i7-8700b_firmwarexeon_e3-1275_v5_firmwarexeon_e3-1535m_v5core_i7-7700xeon_e3-1535m_v5_firmwarecore_i7-6820hq_firmwarecore_i7-7820hq_firmwarecore_i7-7920hqcore_i7-7920hq_firmwarexeon_e3-1575m_v5_firmwarexeon_e3-1268l_v5core_i9-9900ks_firmwarexeon_e-2254mlcore_i7-8700k_firmwarexeon_e3-1545m_v5xeon_e-2124_firmwarecore_i7-8700_firmwarexeon_e3-1260l_v5_firmwarexeon_e3-1501m_v6_firmwarexeon_e3-1240_v6_firmwarecore_i7-8750hxeon_e3-1501m_v6xeon_e3-1505m_v5_firmwarexeon_e-2226ge_firmwarexeon_e-2254ml_firmwarexeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5xeon_e3-1260l_v5xeon_e3-1270_v6xeon_e-2286mcore_i7-9850he_firmwarecore_i7-8557u_firmwarexeon_e3-1505m_v5core_i7-7820eq_firmwarexeon_e-2276gxeon_e-2186gxeon_e-2276mlxeon_e-2244gxeon_e-2174gcore_i9-9900kxeon_e-2176gcore_i7-8809gcore_i7-8709gcore_i7-8700bxeon_e3-1230_v6_firmwarecore_i7-7y75_firmwarecore_i7-8550u_firmwarecore_i7-7500u_firmwarexeon_e3-1275_v6_firmwarexeon_e3-1585_v5xeon_e3-1225_v6_firmwarecore_i7-6700k_firmwarecore_i7-7820hk_firmwarecore_i7-8557ucore_i9-9900kf_firmwarecore_i7-6560uxeon_e-2278ge_firmwarecore_i7-6820hk_firmwarecore_i7-8700txeon_e3-1280_v5_firmwarecore_i7-6820hqxeon_e3-1220_v6_firmwarecore_i7-9850hecore_i7-8650uxeon_e3-1535m_v6_firmwarexeon_e-2286m_firmwarecore_i7-6700tcore_i7-6920hqcore_i9-9900kscore_i7-9750h_firmwarexeon_e3-1230_v6xeon_e3-1585l_v5_firmwarecore_i7-6700_firmwarexeon_e3-1240l_v5_firmwarexeon_e-2234_firmwarecore_i7-8565u_firmwarecore_i7-6822eq_firmwarexeon_e-2224_firmwarecore_i7-9750hfxeon_e-2186g_firmwarexeon_e-2274gxeon_e-2124gxeon_e-2278gelxeon_e3-1280_v6xeon_e-2288gcore_i7-6700t_firmwarexeon_e-2234xeon_e3-1245_v5_firmwarecore_i7-8709g_firmwarecore_i7-6500ucore_i7-6500u_firmwarecore_i7-9850hcore_i7-6700kcore_i7-9700t_firmwarexeon_e3-1280_v6_firmwarexeon_e-2124core_i9-9880hcore_i7-6820eq_firmwarecore_i7-10710uxeon_e-2136_firmwarexeon_e-2276g_firmwarexeon_e3-1235l_v5_firmwarexeon_e-2276mecore_i7-8565uxeon_e-2274g_firmwarexeon_e-2126gcore_i7-7560ucore_i7-8706g_firmwarecore_i7-6920hq_firmwarecore_i7-9700tcore_i7-7820eqxeon_e3-1535m_v6core_i7-9850hlcore_i9-9900core_i7-10510y_firmwarexeon_e3-1220_v5core_i7-9850hl_firmwarecore_i7-8650u_firmwarexeon_e-2146g_firmwarexeon_e3-1220_v6core_i7-6785r_firmwarecore_i7-8850h_firmwarecore_i9-9900k_firmwarecore_i7-6700hq_firmwarecore_i7-6700hqcore_i7-7700k_firmwarecore_i7-9700kf_firmwarecore_i7-9850h_firmwarexeon_e-2186mcore_i7-7567u_firmwarecore_i7-9700exeon_e-2176mcore_i7-6970hq_firmwarecore_i7-6785rcore_i7-7700hq_firmwarecore_i7-6820hkcore_i7-6660u_firmwarexeon_e3-1230_v5_firmwarecore_i7-9750hf_firmwarecore_i7-7500ucore_i7-8550uxeon_e-2278g_firmwarexeon_e-2276ml_firmwarexeon_e-2224gxeon_e-2286gxeon_e3-1268l_v5_firmwarecore_i7-6700te_firmwarexeon_e3-1275_v6xeon_e-2226gexeon_e-2244g_firmwarecore_i7-6650uxeon_e3-1575m_v5xeon_e-2278gxeon_e3-1505l_v5xeon_e3-1245_v6core_i7-8559u_firmwarecore_i7-8850hcore_i7-8086k_firmwarecore_i7-8665u_firmwarexeon_e-2176g_firmwarexeon_e3-1585_v5_firmwarecore_i7-6560u_firmwarecore_i7-6820eqcore_i7-8500ycore_i7-7567ucore_i9-9900tcore_i9-9900_firmwarexeon_e3-1505m_v6_firmwarexeon_e3-1545m_v5_firmwarecore_i7-9700e_firmwarexeon_e3-1235l_v5core_i7\+8700core_i7-7660u_firmwarecore_i7-7820hqxeon_e3-1585l_v5core_i7-8750h_firmwarexeon_e3-1275_v5core_i7-8665uecore_i7-9700k_firmwarecore_i7-8809g_firmwarexeon_e3-1240_v5xeon_e-2288g_firmwarecore_i7-7700t_firmwarecore_i9-9980hk_firmwarexeon_e-2246g_firmwarecore_i7-6567uxeon_e-2176m_firmwarexeon_e-2174g_firmwarexeon_e3-1515m_v5xeon_e3-1505l_v5_firmwarexeon_e3-1225_v5core_i7-6870hq_firmwarexeon_e-2278gel_firmwarexeon_e-2144gxeon_e3-1245_v6_firmwarexeon_e3-1515m_v5_firmwarecore_i7-8569ucore_i7-9700te_firmwarecore_i7-7700_firmwarecore_i7-6770hq_firmwarexeon_e-2254mecore_i7-9750hcore_i7-7y75core_i7-7560u_firmwarexeon_e-2286g_firmwarecore_i7-6700xeon_e3-1505m_v6core_i9-9980hkcore_i7-8559ucore_i9-9900t_firmwarecore_i7-9700_firmwarexeon_e-2146gxeon_e-2224g_firmwarexeon_e3-1578l_v5_firmware2019.2 IPU – Intel(R) SGX and TXT
CVE-2023-6334
Matching Score-8
Assigner-HYPR Corp
ShareView Details
Matching Score-8
Assigner-HYPR Corp
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 19:41
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7.

Action-Not Available
Vendor-hyprHYPRMicrosoft Corporation
Product-windowsworkforce_accessWorkforce Access
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0841
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-85.92% / 99.34%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-05||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1703windows_10_1803windows_10_1809windows_server_2019windows_10_1709windows_server_2016Windows ServerWindowsWindows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-34703
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.27% / 83.99%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:53
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2022windows_10windows_server_2016windows_11Windows 10 Version 1809Windows 10 Version 21H1Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 21H2Windows 10 Version 20H2Windows Server version 20H2Windows 10 Version 1507Windows 10 Version 1607Windows Server 2019Windows 11 version 21H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-0128
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Device Software (INF Update Utility) Advisory
CWE ID-CWE-264
Not Available
CVE-2019-0973
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.71%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0082
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 73.22%
||
7 Day CHG~0.00%
Published-10 Mar, 2009 | 20:00
Updated-21 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_vistawindows_server_2008windows_xpwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34706
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.27% / 83.99%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:53
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_8.1windows_rt_8.1windows_server_2019windows_server_2022windows_server_2012windows_7windows_10windows_server_2016windows_server_2008windows_11Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 21H2Windows 7Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H1Windows 8.1Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 20H2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 11 version 21H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-33898
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.59%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_watchdog_timer_utilityIntel(R) NUC Watchdog Timer installation software
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-6006
Matching Score-8
Assigner-PaperCut Software Pty Ltd
ShareView Details
Matching Score-8
Assigner-PaperCut Software Pty Ltd
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.41%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 04:04
Updated-08 Jan, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Note: This CVE has been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.

Action-Not Available
Vendor-PaperCut Software Pty LtdMicrosoft Corporation
Product-papercut_mfwindowspapercut_ngPaperCut NG, PaperCut MF
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2010-0232
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-73.26% / 98.74%
||
7 Day CHG~0.00%
Published-21 Jan, 2010 | 19:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_2000n/aWindows
CVE-2022-34235
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:42
Updated-23 Apr, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements Uncontrolled Search Path Element Privilege Escalation

Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-premiere_elementswindowsmacosPremiere Elements
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-33892
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.90%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Pro and Standard edition software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 96
  • 97
  • Next
Details not found