CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2022-26904	High	25.1%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2021-40450	High	7.5%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-22718	High	9.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.	Apr 19, 2022	KEV
CVE-2022-1364(1)	High	12.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 15, 2022	KEV
CVE-2022-24521	High	8.7%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.	Apr 13, 2022	KEV
CVE-2015-2502	High	22.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2021-42287	High	94.0%	MicrosoftActive Directory	Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.	Apr 11, 2022	KEV
CVE-2021-42278	High	94.1%	MicrosoftActive Directory	Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.	Apr 11, 2022	KEV
CVE-2021-31166	High	93.1%	MicrosoftHTTP Protocol Stack	Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.	Apr 6, 2022	KEV
CVE-2017-0148	High	94.1%	MicrosoftSMBv1 server	The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.	Apr 6, 2022	KEV
CVE-2021-34484	High	2.4%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Mar 31, 2022	KEV
CVE-2015-2426	High	91.8%	MicrosoftWindows	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.	Mar 28, 2022	KEV
CVE-2010-4398	High	6.4%	MicrosoftWindows	Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.	Mar 28, 2022	KEV
CVE-2013-2551	High	90.8%	MicrosoftInternet Explorer	Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.	Mar 28, 2022	KEV
CVE-2015-2419	High	71.7%	MicrosoftInternet Explorer	JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV
CVE-2015-1770	High	78.2%	MicrosoftOffice	Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.	Mar 28, 2022	KEV
CVE-2012-2539	High	84.4%	MicrosoftWord	Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.	Mar 28, 2022	KEV
CVE-2013-3660	High	69.2%	MicrosoftWin32k	The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.	Mar 28, 2022	KEV
CVE-2016-0189	High	92.1%	MicrosoftInternet Explorer	The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV
CVE-2021-34486	High	34.7%	MicrosoftWindows	Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.	Mar 28, 2022	KEV

CVE-2022-26904KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 25.1%

CVE-2021-40450KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.5%

CVE-2022-22718KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

MicrosoftEPSS 9.3%

CVE-2022-1364KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 12.4%

CVE-2022-24521KEV

High

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 8.7%

CVE-2015-2502KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

MicrosoftEPSS 22.6%

CVE-2021-42287KEV

High

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.0%

CVE-2021-42278KEV

High

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.1%

CVE-2021-31166KEV

High

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

MicrosoftEPSS 93.1%

CVE-2017-0148KEV

High

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

MicrosoftEPSS 94.1%

CVE-2021-34484KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 2.4%

CVE-2015-2426KEV

High

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

MicrosoftEPSS 91.8%

CVE-2010-4398KEV

High

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

MicrosoftEPSS 6.4%

CVE-2013-2551KEV

High

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

MicrosoftEPSS 90.8%

CVE-2015-2419KEV

High

JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 71.7%

CVE-2015-1770KEV

High

Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

MicrosoftEPSS 78.2%

CVE-2012-2539KEV

High

Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

MicrosoftEPSS 84.4%

CVE-2013-3660KEV

High

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

MicrosoftEPSS 69.2%

CVE-2016-0189KEV

High

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 92.1%

CVE-2021-34486KEV

High

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

MicrosoftEPSS 34.7%

9 10 11 12 13 14 15