CVE-2023-36874

Known exploited
Public exploit
Windows Error Reporting Service Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.15%
Published
2023-07-11
Updated
2023-09-27
CISA KEV Added
2023-07-11

CVE-2023-28252

Known exploited
Public exploit
Used for ransomware
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
2.55%
Published
2023-04-11
Updated
2023-09-14
CISA KEV Added
2023-04-11

CVE-2023-21768

Public exploit
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.40%
Published
2023-01-10
Updated
2023-04-27

CVE-2022-41040

Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
96.59%
Published
2022-10-03
Updated
2023-12-20
CISA KEV Added
2022-09-30

CVE-2022-26923

Known exploited
Public exploit
Active Directory Domain Services Elevation of Privilege Vulnerability
Max CVSS
9.0
EPSS Score
7.92%
Published
2022-05-10
Updated
2023-12-21
CISA KEV Added
2022-08-18

CVE-2022-26904

Known exploited
Public exploit
Windows User Profile Service Elevation of Privilege Vulnerability
Max CVSS
7.0
EPSS Score
0.10%
Published
2022-04-15
Updated
2023-06-29
CISA KEV Added
2022-04-25

CVE-2022-21999

Known exploited
Public exploit
Windows Print Spooler Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.10%
Published
2022-02-09
Updated
2023-06-29
CISA KEV Added
2022-03-25

CVE-2022-21882

Known exploited
Public exploit
Win32k Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.14%
Published
2022-01-11
Updated
2023-12-21
CISA KEV Added
2022-02-04

CVE-2021-40449

Known exploited
Public exploit
Used for ransomware
Win32k Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.15%
Published
2021-10-13
Updated
2023-08-01
CISA KEV Added
2021-11-17

CVE-2021-38648

Known exploited
Public exploit
Open Management Infrastructure Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
96.24%
Published
2021-09-15
Updated
2023-12-28
CISA KEV Added
2021-11-03

CVE-2021-38647

Known exploited
Public exploit
Used for ransomware
Open Management Infrastructure Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
97.47%
Published
2021-09-15
Updated
2023-12-28
CISA KEV Added
2021-11-03

CVE-2021-34523

Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
72.23%
Published
2021-07-14
Updated
2024-02-13
CISA KEV Added
2021-11-03

CVE-2021-1732

Known exploited
Public exploit
Used for ransomware
Windows Win32k Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.44%
Published
2021-02-25
Updated
2023-12-29
CISA KEV Added
2021-11-03

CVE-2020-17136

Public exploit
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.17%
Published
2020-12-10
Updated
2023-12-30

CVE-2020-1472

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
Max CVSS
10.0
EPSS Score
32.19%
Published
2020-08-17
Updated
2024-01-19
CISA KEV Added
2021-11-03

CVE-2020-1337

Public exploit
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
Max CVSS
7.8
EPSS Score
0.25%
Published
2020-08-17
Updated
2024-01-19

CVE-2020-1313

Public exploit
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
1.08%
Published
2020-06-09
Updated
2022-04-28

CVE-2020-1054

Known exploited
Public exploit
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
Max CVSS
7.8
EPSS Score
0.47%
Published
2020-05-21
Updated
2022-04-28
CISA KEV Added
2021-11-03

CVE-2020-1048

Public exploit
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Max CVSS
7.8
EPSS Score
0.69%
Published
2020-05-21
Updated
2022-04-28

CVE-2020-0787

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
1.09%
Published
2020-03-12
Updated
2022-07-12
CISA KEV Added
2022-01-28

CVE-2020-0688

Known exploited
Public exploit
Used for ransomware
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Max CVSS
9.0
EPSS Score
97.37%
Published
2020-02-11
Updated
2024-02-13
CISA KEV Added
2021-11-03

CVE-2020-0668

Public exploit
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.
Max CVSS
7.8
EPSS Score
0.48%
Published
2020-02-11
Updated
2022-01-01

CVE-2019-1458

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
96.58%
Published
2019-12-10
Updated
2023-01-30
CISA KEV Added
2022-01-10

CVE-2019-1405

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
0.12%
Published
2019-11-12
Updated
2023-03-01
CISA KEV Added
2022-03-15

CVE-2019-1322

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
Max CVSS
7.8
EPSS Score
0.11%
Published
2019-10-10
Updated
2020-08-24
CISA KEV Added
2022-03-15
2270 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!