Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-38226

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Sep, 2024 | 16:53
Updated At-30 Jul, 2025 | 01:36
Rejected At-
Credits

Microsoft Publisher Protection Mechanism Failure Vulnerability

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Microsoft CorporationMicrosoft
Product:Publisher
Added At:10 Sep, 2024
Due At:01 Oct, 2024

Microsoft Publisher Protection Mechanism Failure Vulnerability

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Used in Ransomware

:

Unknown

CWE

:
CWE-693

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Sep, 2024 | 16:53
Updated At:30 Jul, 2025 | 01:36
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Publisher Security Feature Bypass Vulnerability

Microsoft Publisher Security Feature Bypass Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office 2019
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 19.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2021
Platforms
  • x64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Publisher 2016
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.5465.1001 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-693CWE-693: Protection Mechanism Failure
Type: CWE
CWE ID: CWE-693
Description: CWE-693: Protection Mechanism Failure
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2024-09-10
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38226
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2024-38226 added to CISA KEV2024-09-10 00:00:00
Event: CVE-2024-38226 added to CISA KEV
Date: 2024-09-10 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Sep, 2024 | 17:15
Updated At:12 Sep, 2024 | 01:00

Microsoft Publisher Security Feature Bypass Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2024-09-102024-10-01Microsoft Publisher Protection Mechanism Failure VulnerabilityApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Date Added: 2024-09-10
Due Date: 2024-10-01
Vulnerability Name: Microsoft Publisher Protection Mechanism Failure Vulnerability
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches

Microsoft Corporation
microsoft
>>office>>2019
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>office>>2019
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>office>>2021
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*
Microsoft Corporation
microsoft
>>office>>2021
cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*
Microsoft Corporation
microsoft
>>publisher>>2016
cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>publisher>>2016
cpe:2.3:a:microsoft:publisher:2016:*:*:*:*:*:x86:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-693Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-693
Type: Secondary
Source: secure@microsoft.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

193Records found

CVE-2023-36582
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.65% / 69.97%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36570
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_11_21h2windows_10_1809windows_10_22h2windows_10_21h2windows_11_22h2windows_10_1607windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-2016
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-15.61% / 94.43%
||
7 Day CHG+3.49%
Published-08 Nov, 2011 | 21:00
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistawindows_7n/a
CVE-2023-36591
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_11_21h2windows_10_1809windows_10_22h2windows_10_21h2windows_11_22h2windows_10_1607windows_10windows_server_2022windows_server_2019windows_server_2008windows_server_2016Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-36571
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_11_21h2windows_10_1809windows_10_22h2windows_10_21h2windows_11_22h2windows_10_1607windows_server_2022windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-35624
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.29% / 51.76%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentAzure Connected Machine Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-33128
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.47% / 80.11%
||
7 Day CHG+0.38%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Remote Code Execution Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022.netPowerShell 7.3.NET 7.0Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.0.NET 6.0
CWE ID-CWE-416
Use After Free
CVE-2023-33135
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.08% / 76.97%
||
7 Day CHG+0.28%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Elevation of Privilege Vulnerability

.NET and Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022.net.NET 7.0Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.0.NET 6.0
CVE-2023-31027
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8.2||HIGH
EPSS-0.03% / 5.81%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-32054
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.41% / 60.35%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Volume Shadow Copy Elevation of Privilege Vulnerability

Volume Shadow Copy Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-36
Absolute Path Traversal
CVE-2023-31016
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.45%
||
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:36
Updated-06 Sep, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-29165
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-28065
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.62%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 11:04
Updated-04 Dec, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowsalienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-22947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."

Action-Not Available
Vendor-shibbolethn/aMicrosoft Corporation
Product-windowsservice_providern/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-35982
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.3||HIGH
EPSS-0.31% / 53.47%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:36
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Reader DC Windows Installer Uncontrolled Search Path element could lead to Arbitrary Code Execution

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAcrobat Reader
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-0213
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-91.81% / 99.68%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 14:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_10_1607windows_server_2016windows_10_1507windows_8.1windows_10_1511windows_rt_8.1windows_10_1703Windows COMWindows
CVE-2024-7980
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.96%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 20:20
Updated-26 Aug, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChromechrome
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-22282
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.44%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

Action-Not Available
Vendor-Microsoft CorporationElecom Co., Ltd.
Product-wab-matwindowsWAB-MAT
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-21715
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.47% / 63.43%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-03-07||Apply updates per vendor instructions.
Microsoft Publisher Security Feature Bypass Vulnerability

Microsoft Publisher Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for EnterpriseOffice
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21568
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:32
Updated-01 Jan, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019_integration_servicessql_server_2022_integration_servicesSQL Server Integration Services for Visual Studio 2022SQL Server Integration Services for Visual Studio 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-19231
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-8
Assigner-CA Technologies - A Broadcom Company
CVSS Score-7.3||HIGH
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 21:08
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.

Action-Not Available
Vendor-Microsoft CorporationBroadcom Inc.
Product-windowsca_client_automationCA Client Automation
CWE ID-CWE-65
Windows Hard Link
CVE-2019-16861
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 12:50
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.

Action-Not Available
Vendor-code42n/aMicrosoft Corporation
Product-windowscode42n/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-16860
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.11%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 12:44
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine.

Action-Not Available
Vendor-code42n/aMicrosoft Corporation
Product-windowscode42n/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-32721
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.08% / 24.87%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Recovery Driver Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows 11 version 22H2Windows Server 2022Windows 11 Version 23H2Windows 10 Version 1607Windows Server 2016 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2016Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-36945
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.03% / 76.40%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 10 Update Assistant Elevation of Privilege Vulnerability

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_update_assistantWindows Update Assistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1685
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.66% / 70.25%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-29792
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-09 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_long_term_servicing_channel365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2016Microsoft Office 2019
CWE ID-CWE-416
Use After Free
CVE-2025-29804
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 29.06%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.13Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12
CWE ID-CWE-284
Improper Access Control
CVE-2025-29802
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-10 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-1185
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Subsystem for Linux Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-29803
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-12 Apr, 2025 | 01:32
Updated-10 Jul, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_tools_for_applications_2019_sdksql_server_management_studiovisual_studio_tools_for_applications_2019visual_studio_tools_for_applications_2022visual_studio_tools_for_applications_2022_sdkSQL Server Management Studio 20.2VSTA 2019 SDKVisual Studio Tools for Applications (VSTA)VSTA 2022 SDK
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2016-1014
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.3||HIGH
EPSS-0.21% / 44.10%
||
7 Day CHG~0.00%
Published-09 Apr, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-27070
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-2.11% / 83.40%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:49
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 10 Update Assistant Elevation of Privilege Vulnerability

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-30102
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-2.00% / 82.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 17:00
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2010-2883
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.3||HIGH
EPSS-93.25% / 99.80%
||
7 Day CHG~0.00%
Published-09 Sep, 2010 | 21:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-windowsacrobat_readeracrobatmacosn/aAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26631
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.49%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-03 Jul, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-33436
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 10:57
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-nomachinen/aMicrosoft Corporation
Product-nomachinewindowsn/a
CVE-2021-31519
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.3||HIGH
EPSS-0.09% / 27.02%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 14:57
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowshousecall_for_home_networksTrend Micro HouseCall for Home Networks
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-31844
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.06% / 18.75%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 13:45
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in McAfee DLP Endpoint for Windows

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsdata_loss_prevention_endpointMcAfee Data Loss Prevention (DLP) Endpoint for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-24998
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-01 Jul, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2017visual_studio_2019Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.13
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-24994
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.21%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-03 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_11_24h2windows_11_22h2Windows 11 version 22H3Windows 11 Version 23H2Windows 11 version 22H2Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-25003
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-01 Jul, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2019Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.13
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-33126
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.08% / 76.97%
||
7 Day CHG+0.28%
Published-13 Jun, 2023 | 23:26
Updated-01 Jan, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Remote Code Execution Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022.net.NET 7.0Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.4PowerShell 7.2Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.0.NET 6.0
CVE-2025-24076
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.59% / 80.93%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-07 Jul, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_11_22h2windows_server_2022_23h2windows_server_2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 11 version 22H2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025Windows 11 Version 23H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-24039
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.28% / 50.80%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-02 Jul, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-24042
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-02 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code - JS Debug Extension
CWE ID-CWE-284
Improper Access Control
CVE-2021-31204
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-8.69% / 92.12%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET and Visual Studio Elevation of Privilege Vulnerability

.NET and Visual Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-.netvisual_studio_2019fedora.net_coreMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8).NET 5.0Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Visual Studio 2019 for Mac version 8.9Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6).NET Core 3.1
CVE-2025-21331
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_22h2windows_server_2022windows_server_2008windows_server_2019windows_10_1507windows_10_1809windows_server_2012windows_server_2022_23h2windows_10_1607windows_server_2016windows_11_23h2windows_10_21h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-28649
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.3||HIGH
EPSS-0.09% / 27.02%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 14:57
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowshousecall_for_home_networksTrend Micro HouseCall for Home Networks
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-21206
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.45% / 62.67%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-12 Mar, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Installer Elevation of Privilege Vulnerability

Visual Studio Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022visual_studio_2019visual_studio_2017Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found