Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-38220

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Sep, 2024 | 16:53
Updated At-31 Dec, 2024 | 23:02
Rejected At-
Credits

Azure Stack Hub Elevation of Privilege Vulnerability

Azure Stack Hub Elevation of Privilege Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Sep, 2024 | 16:53
Updated At:31 Dec, 2024 | 23:02
Rejected At:
▼CVE Numbering Authority (CNA)
Azure Stack Hub Elevation of Privilege Vulnerability

Azure Stack Hub Elevation of Privilege Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Azure Stack Hub
Platforms
  • Unknown
Versions
Affected
  • From 1.0.0 before 1.2406.1.15 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Sep, 2024 | 17:15
Updated At:17 Sep, 2024 | 16:59

Azure Stack Hub Elevation of Privilege Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>azure_stack_hub>>Versions before 1.2311.1.22(exclusive)
cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38220
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

227Records found
CVE-2023-31019
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-284
Improper Access Control
CVE-2023-28246
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.15%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Registry Elevation of Privilege Vulnerability

Windows Registry Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_11_22h2windows_server_2022Windows Server 2022Windows 11 version 21H2Windows 11 version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-28714
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 10.52%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-17 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsproset\/wireless_wifiIntel(R) PROSet/Wireless WiFi software for Windowsintel_proset_wireless_wifi_software_for_windows
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-284
Improper Access Control
CVE-2023-27875
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.64%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 12:37
Updated-26 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex improper access controls

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kernelaspera_faspexwindowsAspera Faspex
CWE ID-CWE-284
Improper Access Control
CVE-2023-26408
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.75%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20712: AnnotsString Object prototype pollution Restrictions Bypass Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-284
Improper Access Control
CVE-2023-26406
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.75%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20712: Net.HTTP.request URL restriction bypass

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-284
Improper Access Control
CVE-2021-3626
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.97%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 02:35
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.

Action-Not Available
Vendor-Canonical Ltd.Microsoft Corporation
Product-windowsmultipassMultipass
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-284
Improper Access Control
CVE-2023-22448
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2023-21531
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Service Fabric Container Elevation of Privilege Vulnerability

Azure Service Fabric Container Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_service_fabricAzure Service Fabric 9.1Azure Service Fabric 8.2Azure Service Fabric 9.0 for Linux
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-24905
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.64%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_10_22h2windows_10_20h2windows_11_22h2Windows 11 version 22H2Windows 10 Version 20H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-21750
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.58% / 67.81%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-21742
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-16.31% / 94.60%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016
CWE ID-CWE-284
Improper Access Control
CVE-2021-35245
Matching Score-6
Assigner-SolarWinds
ShareView Details
Matching Score-6
Assigner-SolarWinds
CVSS Score-8.4||HIGH
EPSS-0.12% / 31.46%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 16:52
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access Control Vulnerability for SolarWinds Serv-U

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.Microsoft Corporation
Product-windowsserv-uServ-U FTP
CWE ID-CWE-284
Improper Access Control
CVE-2023-28300
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.55%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Service Connector Security Feature Bypass Vulnerability

Azure Service Connector Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_service_connectorAzure Service Connector
CWE ID-CWE-284
Improper Access Control
CVE-2016-4800
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.60%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

Action-Not Available
Vendor-n/aEclipse Foundation AISBLMicrosoft Corporation
Product-jettywindowsn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5101
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.06% / 76.72%
||
7 Day CHG~0.00%
Published-29 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.

Action-Not Available
Vendor-n/aOperaMicrosoft Corporation
Product-windowsopera_mailn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3245
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-11.96% / 93.50%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3345
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-31.92% / 96.66%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Authenticated Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3366
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-15.12% / 94.33%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-outlookn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3226
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-13.44% / 93.94%
||
7 Day CHG+0.51%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-0012
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 02:44
Updated-09 Apr, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in SAP Host Agent (Windows)

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.

Action-Not Available
Vendor-Microsoft CorporationSAP SE
Product-windowshost_agentHost Agent (Windows)
CWE ID-CWE-284
Improper Access Control
CVE-2016-8821
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.36%
||
7 Day CHG~0.00%
Published-16 Dec, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsgpu_driverWindows GPU Display Driver
CWE ID-CWE-284
Improper Access Control
CVE-2014-0578
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.36% / 57.65%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-8223
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.06%
||
7 Day CHG~0.00%
Published-29 Nov, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.

Action-Not Available
Vendor-Lenovo Group LimitedMicrosoft Corporation
Product-system_interface_foundationwindows_10All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID.
CWE ID-CWE-284
Improper Access Control
CVE-2016-7248
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.56% / 96.63%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_rt_8.1windows_vistawindows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-6958
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.26% / 78.61%
||
7 Day CHG~0.00%
Published-13 Oct, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-22285
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.21%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2023-21777
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.95%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-01 Jan, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability

Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_app_service_on_azure_stackAzure App Service on Azure Stack Hub
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33072
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.12% / 32.15%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 22:17
Updated-15 Jul, 2025 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability

Improper access control in Azure allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-msagsfeedback.azurewebsites.netMicrosoft msagsfeedback.azurewebsites.net
CWE ID-CWE-284
Improper Access Control
CVE-2025-33073
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.96% / 75.56%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-19 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SMB Client Elevation of Privilege Vulnerability

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2012Windows 10 Version 22H2Windows 10 Version 1507Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2025Windows 10 Version 1809Windows Server 2022Windows 11 version 22H2Windows Server 2016 (Server Core installation)Windows Server 2016Windows 11 Version 23H2Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1607Windows Server 2025 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2025-33056
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Denial of Service Vulnerability

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-21340
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.70%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_server_2025windows_11_24h2windows_10_22h2windows_server_2019windows_10_1809windows_server_2022_23h2windows_server_2022windows_11_23h2windows_10_21h2Windows 11 version 22H3Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2022Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows 10 Version 1809Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-32714
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.08%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2016-7225
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.09% / 77.07%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7247
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-30.24% / 96.52%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-32722
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage Port Driver Information Disclosure Vulnerability

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows 10 Version 1607Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2016-7226
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.09% / 77.07%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7223
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7237
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-58.60% / 98.13%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7244
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-24.21% / 95.86%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7224
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.09% / 77.07%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7212
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.71% / 97.28%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-32726
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-12 Apr, 2025 | 01:32
Updated-08 Jul, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-284
Improper Access Control
CVE-2016-4760
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.07% / 76.84%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windowssafariiphone_ositunesn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3244
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-20.01% / 95.27%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-4215
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3276
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-7.19% / 91.22%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-4286
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.42% / 84.49%
||
7 Day CHG~0.00%
Published-13 Oct, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncRed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_osenterprise_linux_serverlinux_kernelflash_player_desktop_runtimeenterprise_linux_desktopenterprise_linux_workstationwindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3274
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-7.17% / 91.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3319
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-37.19% / 97.05%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012windows_8.1edgewindows_10n/a
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found