Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-32479

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-06 Feb, 2024 | 08:09
Updated At-22 Aug, 2024 | 19:24
Rejected At-
Credits

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:06 Feb, 2024 | 08:09
Updated At:22 Aug, 2024 | 19:24
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell Encryption
Default Status
unaffected
Versions
Affected
  • From 0 before 11.9.0 (semver)
Vendor
Dell Inc.Dell
Product
Dell Endpoint Security Suite Enterprise
Default Status
unaffected
Versions
Affected
  • From 0 before 11.9.0 (semver)
Vendor
Dell Inc.Dell
Product
Dell Security Management Server (Windows)
Default Status
unaffected
Versions
Affected
  • From 0 before 11.9.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Pwni
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260
vendor-advisory
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Dell Inc.dell
Product
security_management_server
CPEs
  • cpe:2.3:a:dell:security_management_server:11.9.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 11.9.0 (semver)
Vendor
Dell Inc.dell
Product
endpoint_security_suite_enterprise
CPEs
  • cpe:2.3:a:dell:endpoint_security_suite_enterprise:11.9.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 11.9.0 (semver)
Vendor
Dell Inc.dell
Product
encryption
CPEs
  • cpe:2.3:a:dell:encryption:11.9.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 11.9.0 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:06 Feb, 2024 | 08:15
Updated At:13 Feb, 2024 | 22:54

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Dell Inc.
dell
>>encryption>>Versions before 11.9.0(exclusive)
cpe:2.3:a:dell:encryption:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>endpoint_security_suite_enterprise>>Versions before 11.9.0(exclusive)
cpe:2.3:a:dell:endpoint_security_suite_enterprise:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>security_management_server>>Versions before 11.9.0(exclusive)
cpe:2.3:a:dell:security_management_server:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-284Secondarysecurity_alert@emc.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260security_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2442Records found
CVE-2022-24513
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2022Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2022 version 17.1Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Visual Studio 2019 for Mac version 8.10Visual Studio 2022 for Mac version 17.0Microsoft Visual Studio 2022 version 17.0
CVE-2024-38117
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.94%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38187
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.09%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-29371
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 79.53%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29358
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.60% / 85.03%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2022-24455
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.53%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CD-ROM Driver Elevation of Privilege Vulnerability

Windows CD-ROM Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012Windows 8.1
CVE-2022-24416
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.11% / 29.99%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24499
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.48%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2024-38383
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft Corporation
Product-quartus_primewindowsIntel(R) Quartus(R) Prime Pro Edition software for Windowsquartus_prime_pro
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-38141
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 77.46%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows 11 Version 24H2Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2022-24486
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2024-38085
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.55% / 89.90%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2024-38173
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-1.59% / 80.89%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsoutlookofficeMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Outlook 2016
CWE ID-CWE-73
External Control of File Name or Path
CVE-2023-29343
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-15.01% / 94.29%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-10 Jul, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability

SysInternals Sysmon for Windows Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_sysmonWindows Sysmon
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-24507
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.72%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:08
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2019Windows 10 Version 1809Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 10 Version 21H1
CVE-2023-30431
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:58
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 buffer overflow

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24421
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24494
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-16.64% / 94.66%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-24 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2019Windows 11 version 21H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2012Windows Server version 20H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 7Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows 10 Version 20H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 1909Windows 10 Version 1607Windows 8.1
CVE-2022-24488
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.40%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-24 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Desktop Bridge Elevation of Privilege Vulnerability

Windows Desktop Bridge Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows 10 Version 21H2Windows 11 version 21H2Windows 10 Version 21H1Windows Server version 20H2Windows Server 2022Windows 10 Version 20H2
CVE-2022-24415
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-29359
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI Elevation of Privilege Vulnerability

GDI Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2020-22722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 15:44
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.

Action-Not Available
Vendor-rapidscadan/aMicrosoft Corporation
Product-windowsrapid_scadan/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-24419
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24479
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.74%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-24474
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.52%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2024-37130
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.96%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 01:34
Updated-09 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administratoropenmanage_server_administrator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-24088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.68%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.

Action-Not Available
Vendor-foxconnn/afoxconnMicrosoft Corporation
Product-windowslive_update_utilityn/alive_update_utility
CVE-2023-29165
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.37%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-22528
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.24%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.

Action-Not Available
Vendor-SAP SEMicrosoft Corporation
Product-adaptive_server_enterprisewindowsSAP Adaptive Server Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-23299
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 66.95%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows PDEV Elevation of Privilege Vulnerability

Windows PDEV Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2023-29336
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-73.52% / 98.75%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:03
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-30||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_10_1507windows_server_2012windows_10_1607windows_server_2016Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Win32k
CWE ID-CWE-416
Use After Free
CVE-2022-22715
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-16.83% / 94.69%
||
7 Day CHG-7.20%
Published-09 Feb, 2022 | 16:37
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Named Pipe File System Elevation of Privilege Vulnerability

Named Pipe File System Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_server_2019windows_10Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2020-24432
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.7||MEDIUM
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:32
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Arbitrary JavaScript Execution in PDF Documents

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23296
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.50%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-36253
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 4.20%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:11
Updated-04 Feb, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationMicrosoft Corporation
Product-windowsserver_debug_and_provisioning_toolIntel(R) SDP Tool for Windows softwaresdp_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-28080
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 13.38%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:24
Updated-10 Jan, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2010-4398
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-12.17% / 93.57%
||
7 Day CHG~0.00%
Published-03 Dec, 2010 | 20:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistan/aWindows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28068
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 06:41
Updated-29 Jan, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_monitorDell Command Monitor (DCM)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-28401
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-2873
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.44%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 18:00
Updated-02 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Twister Antivirus IoControlCode filppd.sys 0x80800043 memory corruption

A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-filseclabTwisterMicrosoft Corporation
Product-windowstwister_antivirusAntivirus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-24682
Matching Score-8
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-8
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.46%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 07:11
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Studio and PVI Multiple unquoted service path vulnerabilities

Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.

Action-Not Available
Vendor-B&R Industrial Automation GmbHMicrosoft Corporation
Product-windowsautomation_net\/pviautomation_studioNET/PVIAutomation Studio
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-28956
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 4.97%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 01:00
Updated-09 Dec, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect Backup-Archive Client privilege escalation

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsspectrum_protect_backup-archive_clientSpectrum Protect Backup-Archive Clientspectrum_protect
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-22454
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 15:45
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixinfosphere_information_server_on_cloudlinux_kernelwindowsInfoSphere Information Server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28293
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.35% / 90.60%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-22557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.49%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-28272
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-23266
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:06
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CVE-2023-28236
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 20H2Windows Server 2016Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2019 (Server Core installation)
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CVE-2020-24556
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.71%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 18:55
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationTrend Micro Incorporated
Product-worry-free_business_security_servicesworry-free_business_securityapex_onewindowsmacosTrend Micro Apex OneTrend Micro OfficeScanTrend Micro Worry-Free Business Security
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28047
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 06:59
Updated-05 Feb, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found