CVE-2022-26904

Known exploited
Public exploit
Windows User Profile Service Elevation of Privilege Vulnerability
Max CVSS
7.0
EPSS Score
0.10%
Published
2022-04-15
Updated
2023-06-29
CISA KEV Added
2022-04-25

CVE-2022-21999

Known exploited
Public exploit
Windows Print Spooler Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.10%
Published
2022-02-09
Updated
2023-06-29
CISA KEV Added
2022-03-25

CVE-2021-40449

Known exploited
Public exploit
Used for ransomware
Win32k Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.15%
Published
2021-10-13
Updated
2023-08-01
CISA KEV Added
2021-11-17

CVE-2020-1337

Public exploit
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
Max CVSS
7.8
EPSS Score
0.25%
Published
2020-08-17
Updated
2024-01-19

CVE-2020-1054

Known exploited
Public exploit
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
Max CVSS
7.8
EPSS Score
0.47%
Published
2020-05-21
Updated
2022-04-28
CISA KEV Added
2021-11-03

CVE-2020-1048

Public exploit
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Max CVSS
7.8
EPSS Score
0.69%
Published
2020-05-21
Updated
2022-04-28

CVE-2020-0787

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
1.09%
Published
2020-03-12
Updated
2022-07-12
CISA KEV Added
2022-01-28

CVE-2020-0668

Public exploit
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.
Max CVSS
7.8
EPSS Score
0.48%
Published
2020-02-11
Updated
2022-01-01

CVE-2019-1458

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
96.58%
Published
2019-12-10
Updated
2023-01-30
CISA KEV Added
2022-01-10

CVE-2019-1405

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Max CVSS
7.8
EPSS Score
0.12%
Published
2019-11-12
Updated
2023-03-01
CISA KEV Added
2022-03-15

CVE-2019-0808

Known exploited
Public exploit
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-04-09
Updated
2020-08-24
CISA KEV Added
2021-11-03

CVE-2018-8453

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Max CVSS
7.8
EPSS Score
93.89%
Published
2018-10-10
Updated
2019-10-03
CISA KEV Added
2022-01-21

CVE-2018-8440

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Max CVSS
7.8
EPSS Score
97.10%
Published
2018-09-13
Updated
2019-10-03
CISA KEV Added
2022-03-28

CVE-2018-8120

Known exploited
Public exploit
Used for ransomware
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
Max CVSS
7.2
EPSS Score
97.43%
Published
2018-05-09
Updated
2019-10-03
CISA KEV Added
2022-03-15

CVE-2016-3225

Public exploit
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
1.09%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-0099

Known exploited
Public exploit
Used for ransomware
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-03-09
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2016-0051

Public exploit
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-02-10
Updated
2018-10-12

CVE-2016-0041

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Max CVSS
7.8
EPSS Score
91.05%
Published
2016-02-10
Updated
2018-10-12

CVE-2016-0040

Known exploited
Public exploit
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-02-10
Updated
2018-10-12
CISA KEV Added
2022-03-28

CVE-2015-6132

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
96.25%
Published
2015-12-09
Updated
2019-05-15

CVE-2015-6128

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
75.87%
Published
2015-12-09
Updated
2018-10-12

CVE-2015-1701

Known exploited
Public exploit
Used for ransomware
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
0.53%
Published
2015-04-21
Updated
2020-05-14
CISA KEV Added
2022-03-03

CVE-2015-0002

Public exploit
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-13
Updated
2018-10-12

CVE-2014-4113

Known exploited
Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
2.28%
Published
2014-10-15
Updated
2019-02-26
CISA KEV Added
2022-05-04

CVE-2013-3881

Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
Max CVSS
7.2
EPSS Score
0.05%
Published
2013-10-09
Updated
2020-09-28
1035 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!