Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-27743

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-08 Apr, 2025 | 17:23
Updated At-04 Jun, 2025 | 17:52
Rejected At-
Credits

Microsoft System Center Elevation of Privilege Vulnerability

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:08 Apr, 2025 | 17:23
Updated At:04 Jun, 2025 | 17:52
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft System Center Elevation of Privilege Vulnerability

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
System Center Virtual Machine Manager 2022
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Virtual Machine Manager 2019
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Virtual Machine Manager 2025
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Data Protection Manager 2025
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Data Protection Manager 2022
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Data Protection Manager 2019
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Orchestrator 2019
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Orchestrator 2022
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Orchestrator 2025
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Service Manager 2019
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Service Manager 2022
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Service Manager 2025
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Operations Manager 2019
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Operations Manager 2022
Platforms
  • Unknown
Versions
Affected
  • N/A
Vendor
Microsoft CorporationMicrosoft
Product
System Center Operations Manager 2025
Platforms
  • Unknown
Versions
Affected
  • N/A
Problem Types
TypeCWE IDDescription
CWECWE-426CWE-426: Untrusted Search Path
Type: CWE
CWE ID: CWE-426
Description: CWE-426: Untrusted Search Path
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:08 Apr, 2025 | 18:16
Updated At:10 Jul, 2025 | 15:13

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>system_center_data_protection_manager>>2019
cpe:2.3:a:microsoft:system_center_data_protection_manager:2019:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_data_protection_manager>>2022
cpe:2.3:a:microsoft:system_center_data_protection_manager:2022:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_data_protection_manager>>2025
cpe:2.3:a:microsoft:system_center_data_protection_manager:2025:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_operations_manager>>2019
cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_operations_manager>>2022
cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_operations_manager>>2025
cpe:2.3:a:microsoft:system_center_operations_manager:2025:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_orchestrator>>2019
cpe:2.3:a:microsoft:system_center_orchestrator:2019:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_orchestrator>>2022
cpe:2.3:a:microsoft:system_center_orchestrator:2022:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_orchestrator>>2025
cpe:2.3:a:microsoft:system_center_orchestrator:2025:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_service_manager>>2019
cpe:2.3:a:microsoft:system_center_service_manager:2019:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_service_manager>>2022
cpe:2.3:a:microsoft:system_center_service_manager:2022:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_service_manager>>2025
cpe:2.3:a:microsoft:system_center_service_manager:2025:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_virtual_machine_manager>>2019
cpe:2.3:a:microsoft:system_center_virtual_machine_manager:2019:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_virtual_machine_manager>>2022
cpe:2.3:a:microsoft:system_center_virtual_machine_manager:2022:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>system_center_virtual_machine_manager>>2025
cpe:2.3:a:microsoft:system_center_virtual_machine_manager:2025:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarysecure@microsoft.com
CWE ID: CWE-426
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2017Records found
CVE-2021-42011
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.64%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-42280
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Feedback Hub Elevation of Privilege Vulnerability

Windows Feedback Hub Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-5692
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:41
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of service.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgpu_driverNVIDIA GPU Display Driver
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2021-43240
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Set Short Name Elevation of Privilege Vulnerability

NTFS Set Short Name Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_10windows_server_2016Windows Server 2022Windows 10 Version 2004Windows 10 Version 21H2Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2023-46814
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.56%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.

Action-Not Available
Vendor-n/aVideoLANMicrosoft Corporation
Product-windowsvlc_media_playern/avlc_media_player
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-43231
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-18 Nov, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTFS Elevation of Privilege Vulnerability

Windows NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 2004Windows 10 Version 1607Windows 10 Version 21H2Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2017-20107
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.96%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 06:40
Updated-15 Apr, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ShadeYouVPN.com Client privileges management

A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-shadeyouvpn.com_projectShadeYouVPN.comMicrosoft Corporation
Product-windowsshadeyouvpn.comClient
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42101
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.35%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42103.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-42743
Matching Score-8
Assigner-Splunk Inc.
ShareView Details
Matching Score-8
Assigner-Splunk Inc.
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.60%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 16:36
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation via a default path in Splunk Enterprise Windows

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

Action-Not Available
Vendor-Microsoft CorporationSplunk LLC (Cisco Systems, Inc.)
Product-windowssplunkSplunk Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-42312
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.67%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:14
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CVE-2021-43229
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-11.25% / 93.24%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTFS Elevation of Privilege Vulnerability

Windows NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-42954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.06%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 12:13
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.Microsoft Corporation
Product-manageengine_remote_access_pluswindowsn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-42105
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.22%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-42956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 11:51
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.Microsoft Corporation
Product-windowsmanageengine_remote_access_plus_servern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-43223
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CVE-2021-42106
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.22%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsworry-free_business_securityworry-free_business_security_servicesTrend Micro Apex OneTrend Micro Worry-Free Business Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-17032
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.58%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Elevation of Privilege Vulnerability

Windows Remote Access Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2021-41339
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41357
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-14.57% / 94.20%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:28
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-16||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_20h2windows_server_2004windows_server_2022windows_10_21h1windows_11_21h2windows_10_2004windows_10_20h2Windows Server version 20H2Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 21H1Windows Server version 2004Windows 11 version 21H2Windows Server 2022Win32k
CVE-2021-41333
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 66.77%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:14
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-41377
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41379
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.12% / 88.16%
||
7 Day CHG-0.00%
Published-10 Nov, 2021 | 00:46
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_2004windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_server_2004windows_11_21h2windows_10_1809windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 2004Windows 10 Version 21H1Windows Server version 2004Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-16980
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows iSCSI Target Service Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows iSCSI Target Service properly handles file operations.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows Server 2016
CVE-2021-41370
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-17011
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 71.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Port Class Library Elevation of Privilege Vulnerability

Windows Port Class Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2020-16973
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.98%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:18
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Backup Service Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2020-17024
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.59%
||
7 Day CHG-0.07%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability

Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2020-17026
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.58%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-15 Nov, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Elevation of Privilege Vulnerability

Windows Remote Access Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server 2012 R2Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2020-17001
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.62% / 69.04%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:47
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)
CVE-2024-45181
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 2.16%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 00:00
Updated-18 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.

Action-Not Available
Vendor-wibun/awibuMicrosoft Corporation
Product-windowswibukeyn/awibukey
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40989
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:41
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aMicrosoft CorporationAruba Networks
Product-windowsclearpass_policy_managerAruba ClearPass Policy Manager
CVE-2023-26077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-24 Jul, 2023 | 00:00
Updated-24 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

Action-Not Available
Vendor-ateran/aateraMicrosoft Corporation
Product-windowsateran/aatera
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-5543
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.95%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 17:24
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Microsoft Corporation
Product-remote_consoleworkstationwindowshorizon_clientVMware Horizon Client for WindowsVMware Workstation for WindowsVMware Remote Console for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-1515
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.05%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2021-41334
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Desktop Bridge Elevation of Privilege Vulnerability

Windows Desktop Bridge Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows 11 version 21H2Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41335
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41022
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 18:23
Updated-25 Oct, 2024 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts

Action-Not Available
Vendor-Fortinet, Inc.Microsoft Corporation
Product-fortisiemwindowsFortinet FortiSIEMWindowsAgent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41366
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 39.16%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:46
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41345
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:28
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-1392
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.54%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394, CVE-2020-1395.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-1393
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.58%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019WindowsWindows 10 Version 2004 for x64-based SystemsMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsMicrosoft Visual StudioMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Windows ServerWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsMicrosoft Visual Studio 2019Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)Windows 10 Version 1909 for 32-bit Systems
CVE-2022-34706
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.27% / 83.98%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:53
Updated-04 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_8.1windows_rt_8.1windows_server_2019windows_server_2022windows_server_2012windows_7windows_10windows_server_2016windows_server_2008windows_11Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 21H2Windows 7Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1607Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H1Windows 8.1Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 20H2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2019Windows 11 version 21H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-40449
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-83.38% / 99.23%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-01||Apply updates per vendor instructions.
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_20h2windows_11windows_10_21h1windows_server_2022windows_10_1909windows_server_2019windows_server_2016windows_server_2008windows_10_20h2windows_server_2004windows_server_2012windows_10_1607windows_11_21h2windows_10_2004windows_rt_8.1windows_10_1507windows_8.1windows_7windows_10_1809Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 2004Windows 10 Version 21H1Windows Server version 2004Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-416
Use After Free
CVE-2021-40441
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.40%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:14
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Center Elevation of Privilege Vulnerability

Windows Media Center Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1windows_7windows_server_2008Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1
CVE-2021-40488
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 64.76%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-1414
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.55%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415, CVE-2020-1422.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2019-3999
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-16.56% / 94.64%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 18:15
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.

Action-Not Available
Vendor-druvan/aMicrosoft Corporation
Product-windowsinsync_clientDruva inSync Windows Client
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43516
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.59% / 68.17%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows Server 2019 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 22H2Windows 11 version 22H3Windows 10 Version 21H2Windows Server 2019Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2021-40466
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.30%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-12981
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.86%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 21:49
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Microsoft Corporation
Product-radeon_softwareradeon_pro_softwarewindows_10AMD Radeon Software
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 40
  • 41
  • Next
Details not found