Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-34148

Summary
Assigner-trendmicro
Assigner Org ID-7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At-26 Jun, 2023 | 21:58
Updated At-04 Dec, 2024 | 16:07
Rejected At-
Credits

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:trendmicro
Assigner Org ID:7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At:26 Jun, 2023 | 21:58
Updated At:04 Dec, 2024 | 16:07
Rejected At:
▼CVE Numbering Authority (CNA)

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.

Affected Products
Vendor
Trend Micro IncorporatedTrend Micro, Inc.
Product
Trend Micro Apex One
Versions
Affected
  • From 2019 before 14.0.0.12033 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
N/A
https://www.zerodayinitiative.com/advisories/ZDI-23-834/
N/A
Hyperlink: https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-834/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-23-834/
x_transferred
Hyperlink: https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-834/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Trend Micro Incorporatedtrend_micro_inc
Product
trend_micro_apex_one
CPEs
  • cpe:2.3:a:trend_micro_inc:trend_micro_apex_one:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2019 before 14.0.0.12033 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@trendmicro.com
Published At:26 Jun, 2023 | 22:15
Updated At:04 Dec, 2024 | 17:15

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Trend Micro Incorporated
trendmicro
>>apex_one>>Versions before 14.0.12518(exclusive)
cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*
Trend Micro Incorporated
trendmicro
>>apex_one>>2019
cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-863Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://success.trendmicro.com/dcx/s/solution/000293322?language=en_USsecurity@trendmicro.com
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-834/security@trendmicro.com
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000293322?language=en_USaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-834/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
Source: security@trendmicro.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-834/
Source: security@trendmicro.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-834/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2626Records found
CVE-2022-35761
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.79% / 93.06%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:56
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_server_2019windows_10windows_11windows_server_2016Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows 11 version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-35762
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.80% / 85.54%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:56
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-33640
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.14% / 77.49%
||
7 Day CHG+0.16%
Published-09 Aug, 2022 | 19:50
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-open_management_infrastructuresystem_center_operations_managerSystem Center Operations Manager (SCOM) 2019Open Management InfrastructureSystem Center Operations Manager (SCOM) 2016System Center Operations Manager (SCOM) 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-48903
Matching Score-10
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-10
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.74%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 18:28
Updated-31 Jul, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsdeep_security_agentTrend Micro Deep Security Agentdeep_security_agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31169
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.27%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Manager Service Elevation of Privilege Vulnerability

Windows Container Manager Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1697
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows InstallService Elevation of Privilege Vulnerability

Windows InstallService Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1698
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1650
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.89%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1702
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.82%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1680
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.53%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 1607Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.0Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.8Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Windows Server, version 1909 (Server Core installation)Windows Server 2019
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1709
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.27% / 50.55%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1686
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.80%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WalletService Elevation of Privilege Vulnerability

Windows WalletService Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1809Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1652
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1648
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.98% / 75.81%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft splwow64 Elevation of Privilege Vulnerability

Microsoft splwow64 Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1655
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.84%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Elevation of Privilege Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1687
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.80%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WalletService Elevation of Privilege Vulnerability

Windows WalletService Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 1803Windows 10 Version 1809Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7289
Matching Score-10
Assigner-Trellix
ShareView Details
Matching Score-10
Assigner-Trellix
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.57%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 12:40
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation vulnerability in MAR for Windows

Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsactive_responseMcAfee Active Response (MAR) for Windows
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-35765
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.80% / 85.54%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:57
Updated-29 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Direct Elevation of Privilege Vulnerability

Storage Spaces Direct Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019Windows Server version 20H2Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 10 Version 20H2Windows 10 Version 21H2Windows Server 2022
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23742
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.52%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 19:23
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

Action-Not Available
Vendor-n/aMicrosoft CorporationCheck Point Software Technologies Ltd.
Product-windowsendpoint_securityCheck Point Endpoint Security Client for Windows
CWE ID-CWE-65
Windows Hard Link
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-1236
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.03% / 76.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 20:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-416
Use After Free
CVE-2020-24367
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 20:43
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.

Action-Not Available
Vendor-bluestacksn/aMicrosoft Corporation
Product-windowsbluestacksn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-24481
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-44.25% / 97.46%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-21912
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)Microsoft Corporation
Product-windowsr-seenetAdvantech
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2011-0676
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.92% / 75.03%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 20:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-23714
Matching Score-8
Assigner-Elastic
ShareView Details
Matching Score-8
Assigner-Elastic
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.05%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:57
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Action-Not Available
Vendor-Microsoft CorporationElasticsearch BV
Product-windowsendpoint_securityEndpoint Security
CWE ID-CWE-264
Not Available
CVE-2022-24521
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.18% / 83.67%
||
7 Day CHG-0.48%
Published-15 Apr, 2022 | 19:03
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||Apply updates per vendor instructions.
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_11_21h2windows_10_1809windows_10_21h2windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 21H1Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24459
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.43%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fax and Scan Service Elevation of Privilege Vulnerability

Windows Fax and Scan Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2023-21764
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.86%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 12
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-24454
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.43%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Security Support Provider Interface Elevation of Privilege Vulnerability

Windows Security Support Provider Interface Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2022-23909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.13%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 05:49
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.

Action-Not Available
Vendor-gimmaln/aMicrosoft Corporation
Product-windowssherpa_connector_servicen/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-38135
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.94%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_22h2windows_server_2022_23h2windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2
CWE ID-CWE-126
Buffer Over-read
CVE-2024-38142
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.94%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-38084
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.23% / 78.32%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OfficePlus Elevation of Privilege Vulnerability

Microsoft OfficePlus Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeplusMicrosoft OfficePLUS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-38057
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.77%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-24496
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-24489
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 39.13%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-24 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2022Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server version 20H2Windows Server 2022
CVE-2024-38100
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.09% / 95.28%
||
7 Day CHG+2.28%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File Explorer Elevation of Privilege Vulnerability

Windows File Explorer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2019Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2024-38245
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.46%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38241
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.04% / 76.47%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38054
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.85% / 95.40%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2008 R2 Service Pack 1Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38243
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.46%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38253
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.57%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_24h2windows_11_21h2windows_11_22h2windows_11_23h2Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 11 Version 24H2
CWE ID-CWE-416
Use After Free
CVE-2024-38125
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows 11 Version 24H2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows 11 version 22H3Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2012Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-197
Numeric Truncation Error
CVE-2024-38163
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.00% / 76.02%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 23:23
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_server_2022windows_10_22h2Windows 11 version 21H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-38150
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 77.46%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows DWM Core Library Elevation of Privilege Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_11_23h2Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows 11 Version 24H2Windows 11 Version 23H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2024-38238
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 68.17%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2019Windows 10 Version 22H2Windows 11 Version 24H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-37979
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-38070
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.48%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability

Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-38250
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 68.17%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_11_22h2windows_10_1507windows_11_21h2windows_10_1607windows_10_21h1windows_11_23h2office_long_term_servicing_channelwindows_10_1809officewindows_10_22h2windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Microsoft Office LTSC for Mac 2021Microsoft Office for UniversalWindows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Microsoft Office for Android
CWE ID-CWE-126
Buffer Over-read
CVE-2024-38059
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.51% / 89.86%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_23h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 11 version 22H3
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 52
  • 53
  • Next
Details not found