Vulnerability Details :

CVE-2024-7553

Summary
Assigner: mongodb
Assigner Org ID: a39b4221-9bd0-4244-95fc-f3e2e07f1deb
Published At: 07 Aug, 2024 | 09:57
Updated At: 07 Aug, 2024 | 15:27

Accessing Untrusted Directory May Allow Local Privilege Escalation

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system are affected by this issue.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)
Affected Products
Vendor: MongoDB, Inc.
Product: MongoDB Server
Default Status: unaffected
Affected versions:
  • From 5.0 before 5.0.27 (custom)
  • From 6.0 before 6.0.16 (custom)
  • From 7.0 before 7.0.12 (custom)
  • From 7.3 before 7.3.3 (custom)
Vendor: MongoDB, Inc.
Product: MongoDB C Driver
Default Status: unaffected
Affected versions:
  • From 0 before 1.26.2 (custom)
Vendor: MongoDB, Inc.
Product: MongoDB PHP Driver
Default Status: unaffected
Affected versions:
  • From 0 before 1.18.1 (custom)
Problem Types
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Configurations

Only environments with Windows as the underlying operating system are affected by this issue.

Credits

Finder: T. Doğa Gelişli
References
  • https://jira.mongodb.org/browse/PHPC-2369
  • https://jira.mongodb.org/browse/SERVER-93211
  • https://jira.mongodb.org/browse/CDRIVER-5650
National Vulnerability Database (NVD)
nvd.nist.gov
Source: cna@mongodb.com
Published At: 07 Aug, 2024 | 10:15
Updated At: 19 Sep, 2024 | 20:46


Metrics
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches

  • MongoDB, Inc. (mongodb) >> mongodb >> Versions from 5.0.0 (inclusive) to 5.0.27 (exclusive)
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:x64:*: windows_10_1507, windows_10_1511, windows_10_1607, windows_10_1703, windows_10_1709, windows_10_1803, windows_10_1809, windows_10_1903, windows_10_1909, windows_10_2004, windows_10_20h2, windows_10_21h1, windows_10_21h2, windows_10_22h2
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:*:*: windows_server_2016, windows_server_2019
  • MongoDB, Inc. (mongodb) >> mongodb >> Versions from 6.0.0 (inclusive) to 6.0.16 (exclusive)
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:x64:*: windows_10_1507, windows_10_1511, windows_10_1607, windows_10_1703, windows_10_1709, windows_10_1803, windows_10_1809, windows_10_1903, windows_10_1909, windows_10_2004, windows_10_20h2, windows_10_21h1, windows_10_21h2, windows_10_22h2
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:*:*: windows_server_2016, windows_server_2019
  • MongoDB, Inc. (mongodb) >> mongodb >> Versions from 7.0.0 (inclusive) to 7.0.12 (exclusive)
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
  • MongoDB, Inc. (mongodb) >> mongodb >> Versions from 7.3.0 (inclusive) to 7.3.3 (exclusive)
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:x64:*: windows_11_21h2, windows_11_22h2, windows_11_23h2
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:*:*: windows_11, windows_server_2019, windows_server_2022
  • MongoDB, Inc. (mongodb) >> c_driver >> Versions before 1.26.2 (exclusive)
    cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:*
    Microsoft Corporation (microsoft) entries, each as cpe:2.3:o:microsoft:<product>:-:*:*:*:*:*:x64:*: windows_10_1507, windows_10_1511, windows_10_1607, windows_10_1703, windows_10_1709, windows_10_1803, windows_10_1809
Weaknesses
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov

CWE ID: CWE-284
Type: Secondary
Source: cna@mongodb.com
References
  • https://jira.mongodb.org/browse/CDRIVER-5650 (Source: cna@mongodb.com; Resource: Vendor Advisory)
  • https://jira.mongodb.org/browse/PHPC-2369 (Source: cna@mongodb.com; Resource: Vendor Advisory)
  • https://jira.mongodb.org/browse/SERVER-93211 (Source: cna@mongodb.com; Resource: Vendor Advisory)


Similar CVEs

2711Records found

CVE-2025-47993
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 72.58%
||
7 Day CHG+0.19%
Published-08 Jul, 2025 | 16:57
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PC Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_24h2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-47161
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.36% / 89.17%
7 Day CHG~0.00%
Published-15 May, 2025 | 19:21
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_endpointMicrosoft Defender for Endpoint for Linux
CWE ID-CWE-284
Improper Access Control
CVE-2024-38163
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 74.59%
7 Day CHG~0.00%
Published-13 Aug, 2024 | 23:23
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_server_2022windows_10_22h2Windows 11 version 21H2Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-38202
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-2.94% / 86.71%
7 Day CHG~0.00%
Published-08 Aug, 2024 | 01:59
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems. If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. 
Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems. If there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2022_23h2windows_server_2016windows_server_2019windows_11_22h2windows_10_1607windows_10_22h2windows_10_21h2windows_10_1809windows_11_21h2windows_server_2022Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-38100
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-30.76% / 96.83%
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-10 Feb, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows File Explorer Elevation of Privilege Vulnerability

Windows File Explorer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019
CWE ID-CWE-284
Improper Access Control
CVE-2024-38195
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 65.86%
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CycleCloud Remote Code Execution Vulnerability

Azure CycleCloud Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cyclecloudAzure CycleCloud 8.4.0Azure CycleCloud 8.4.1Azure CycleCloud 8.6.0Azure CycleCloud 8.0.2Azure CycleCloud 8.1.0Azure CycleCloud 8.2.2Azure CycleCloud 8.2.1Azure CycleCloud 8.0.0Azure CycleCloud 8.4.2Azure CycleCloud 8.2.0Azure CycleCloud 8.5.0Azure CycleCloudAzure CycleCloud 8.1.1Azure CycleCloud 8.0.1Azure CycleCloud 8.3.0
CWE ID-CWE-284
Improper Access Control
CVE-2024-38162
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 71.66%
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_connected_machine_agentAzure Connected Machine Agent
CWE ID-CWE-284
Improper Access Control
CVE-2023-41772
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-19.53% / 95.54%
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-26203
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.50% / 66.32%
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Data Studio Elevation of Privilege Vulnerability

Azure Data Studio Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_data_studioAzure Data Studio
CWE ID-CWE-284
Improper Access Control
CVE-2023-33155
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.47%
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2024-21436
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.45%
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:58
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-29804
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.32%
7 Day CHG-0.13%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2022Microsoft Visual Studio 2022 version 17.10Microsoft Visual Studio 2022 version 17.12Microsoft Visual Studio 2022 version 17.13Microsoft Visual Studio 2022 version 17.8
CWE ID-CWE-284
Improper Access Control
CVE-2025-27744
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.39%
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office 2016
CWE ID-CWE-284
Improper Access Control
CVE-2025-24076
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-3.96% / 88.61%
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_11_22h2windows_server_2022_23h2windows_server_2025Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-284
Improper Access Control
CVE-2023-51751
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.17% / 37.93%
7 Day CHG~0.00%
Published-11 Jan, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

Action-Not Available
Vendor-scalefusionn/aMicrosoft Corporation
Product-scalefusionwindowsn/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-36725
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 24.80%
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2019 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-36790
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.67%
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)
CWE ID-CWE-284
Improper Access Control
CVE-2023-32479
Matching Score-10
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.56%
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:09
Updated-22 Aug, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Security Management Server (Windows)Dell Endpoint Security Suite EnterpriseDell Encryptionsecurity_management_serverencryptionendpoint_security_suite_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2023-31019
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.05%
7 Day CHG~0.00%
Published-02 Nov, 2023 | 18:56
Updated-12 Sep, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsvirtual_gpuNVIDIA GPU Display driver, vGPU driver, and Cloud gaming drivergpu_display_driver
CWE ID-CWE-284
Improper Access Control
CVE-2020-1203
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 59.30%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019WindowsWindows 10 Version 2004 for x64-based SystemsMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsMicrosoft Visual StudioMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Windows ServerWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsMicrosoft Visual Studio 2019Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)Windows 10 Version 1909 for 32-bit Systems
CVE-2020-1222
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.61% / 70.18%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1309.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-12981
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.23%
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:49
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1316
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.49%
7 Day CHG~0.00%
Published-11 Apr, 2022 | 20:05
Updated-24 Feb, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation

Action-Not Available
Vendor-zerotierzerotierMicrosoft Corporation
Product-zerotieronewindowszerotier/zerotierone
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-12902
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.81%
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:48
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CVE-2020-1274
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.44%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 2004 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-12963
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.52%
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:58
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwarewindows_10AMD Radeon Software
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2020-1276
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.92%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1307, CVE-2020-1316.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-1306
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.70%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1334.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2023-48861
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.34%
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

Action-Not Available
Vendor-baidun/aMicrosoft Corporation
Product-windowsttplayern/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-1337
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-55.31% / 98.11%
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:12
Updated-23 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-1266
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.85%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_server_2019; windows_10; Windows; Windows 10 Version 2004 for x64-based Systems; Windows Server; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows 10 Version 2004 for ARM64-based Systems; Windows Server, version 2004 (Server Core installation); Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems
CVE-2020-1293
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.70%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; visual_studio; visual_studio_2019; windows_10; visual_studio_2017; windows_server_2019; Windows; Windows 10 Version 2004 for x64-based Systems; Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8); Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows Server, version 2004 (Server Core installation); Windows Server, version 1903 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Microsoft Visual Studio; Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3); Windows Server; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 2004 for ARM64-based Systems; Microsoft Visual Studio 2019; Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5); Windows 10 Version 1909 for 32-bit Systems
CVE-2020-12903
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.81%
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:44
Updated-17 Sep, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.; Microsoft Corporation
Product-radeon_software; windows_10; AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12393
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 64.83%
7 Day CHG~0.00%
Published-26 May, 2020 | 17:01
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Action-Not Available
Vendor-Mozilla Corporation; Microsoft Corporation
Product-firefox; windows; thunderbird; firefox_esr; Firefox; Firefox ESR; Thunderbird
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-12962
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.45%
7 Day CHG~0.00%
Published-15 Nov, 2021 | 19:42
Updated-16 Sep, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.; Microsoft Corporation
Product-windows; radeon_software; AMD Radeon Software
CVE-2020-1243
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.14%
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-23 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_10; windows_server_2019; Windows 10 Version 2004; Windows 10 Version 1607; Windows Server version 2004; Windows 10 Version 1803; Windows Server 2019 (Server Core installation); Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1809; Windows Server 2016 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server 2019; Windows 10 Version 1709; Windows 10 Version 1909; Windows Server, version 1903 (Server Core installation); Windows Server 2016
CVE-2020-1249
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.25%
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_server_2012; windows_8.1; windows_rt_8.1; windows_10; windows_server_2019; Windows; Windows 10 Version 2004 for x64-based Systems; Windows Server; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows Server, version 2004 (Server Core installation); Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems
CVE-2020-12304
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.86%
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:05
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.

Action-Not Available
Vendor-n/a; Microsoft Corporation; Intel Corporation
Product-windows; dynamic_application_loader_software_developement_kit; Intel(R) DAL SDK
CVE-2025-29803
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.22% / 44.88%
7 Day CHG+0.06%
Published-12 Apr, 2025 | 01:32
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_tools_for_applications_2019_sdk; sql_server_management_studio; visual_studio_tools_for_applications_2019; visual_studio_tools_for_applications_2022; visual_studio_tools_for_applications_2022_sdk; SQL Server Management Studio 20.2; Visual Studio Tools for Applications (VSTA); VSTA 2022 SDK; VSTA 2019 SDK
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-1273
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 59.19%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_10; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows Server, version 2004 (Server Core installation); Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems
CVE-2020-1246
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 68.15%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_server_2012; windows_8.1; windows_rt_8.1; windows_7; windows_10; windows_server_2019; windows_server_2008; Windows; Windows 10 Version 2004 for x64-based Systems; Windows Server; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows Server, version 2004 (Server Core installation); Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems
CVE-2020-12985
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.56%
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:50
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.; Microsoft Corporation
Product-radeon_software; radeon_pro_software; windows_10; AMD Radeon Software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1265
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 59.19%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_10; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems
CVE-2025-29800
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 65.40%
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdate; Microsoft AutoUpdate for Mac
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-29801
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.48% / 65.40%
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdate; Microsoft AutoUpdate for Mac
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-1279
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.28% / 51.51%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016; windows_server_2019; windows_10; Windows; Windows 10 Version 2004 for x64-based Systems; Windows Server; Windows 10 Version 1903 for x64-based Systems; Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows Server, version 2004 (Server Core installation); Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems
CVE-2020-12898
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.79%
7 Day CHG~0.00%
Published-15 Nov, 2021 | 18:58
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.; Microsoft Corporation
Product-radeon_software; windows_10; AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27743
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.84% / 75.13%
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft System Center Elevation of Privilege Vulnerability

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-system_center_operations_manager; system_center_orchestrator; system_center_service_manager; system_center_data_protection_manager; system_center_virtual_machine_manager; System Center Data Protection Manager 2025; System Center Operations Manager 2025; System Center Operations Manager 2022; System Center Orchestrator 2022; System Center Service Manager 2019; System Center Service Manager 2025; System Center Operations Manager 2019; System Center Orchestrator 2019; System Center Virtual Machine Manager 2022; System Center Virtual Machine Manager 2025; System Center Data Protection Manager 2022; System Center Data Protection Manager 2019; System Center Orchestrator 2025; System Center Virtual Machine Manager 2019; System Center Service Manager 2022
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-27730
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.93% / 76.50%
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Digital Media Elevation of Privilege Vulnerability

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2; windows_10_21h2; windows_server_2019; windows_10_22h2; windows_server_2025; windows_11_22h2; windows_10_1809; windows_server_2022_23h2; windows_11_24h2; Windows Server 2025; Windows 11 Version 24H2; Windows Server 2025 (Server Core installation); Windows 11 Version 23H2; Windows Server 2019 (Server Core installation); Windows 10 Version 1809; Windows 11 version 22H2; Windows 10 Version 21H2; Windows Server 2022, 23H2 Edition (Server Core installation); Windows 11 version 22H3; Windows 10 Version 22H2; Windows Server 2019
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CVE-2020-1269
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 67.64%
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

Action-Not Available
Vendor-openSUSE; Microsoft Corporation
Product-windows_server_2016; windows_server_2012; windows_8.1; windows_rt_8.1; windows_7; windows_10; windows_server_2019; windows_server_2008; leap; Windows; Windows 10 Version 2004 for x64-based Systems; Windows Server; Windows 10 Version 1903 for x64-based Systems; Windows Server, version 2004 (Server Core installation); Windows 10 Version 1903 for ARM64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows Server, version 1909 (Server Core installation); Windows 10 Version 1903 for 32-bit Systems; Windows Server, version 1903 (Server Core installation); Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems