CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 21/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-10-15
Medium

CVE-2024-49384

Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

CVSS: 4.3 CWE: CWE-1327 - Binding to an Unrestricted IP Address View on NVD
Medium

CVE-2024-49383

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

CVSS: 4.3 CWE: CWE-1327 - Binding to an Unrestricted IP Address View on NVD
Medium

CVE-2024-49382

Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

CVSS: 4.3 CWE: CWE-1327 - Binding to an Unrestricted IP Address View on NVD
2024-10-14
High

CVE-2024-45733

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an ins…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-45731

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root dir…

CVSS: 8.0 CWE: CWE-23 - Relative Path Traversal View on NVD
2024-10-11
Medium

CVE-2024-44157

A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file ma…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-45316

The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges t…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2024-45315

The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges t…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2024-10-09
High

CVE-2024-9473

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
Medium

CVE-2024-9469

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be le…

CVSS: 5.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2024-45720

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretatio…

CVSS: 8.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-9575

Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.…

CVSS: 8.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-10-08
High

CVE-2024-43615

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

CVSS: 7.1 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2024-43611

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-43608

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43607

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43593

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-43592

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-43589

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43584

Windows Scripting Engine Security Feature Bypass Vulnerability

CVSS: 7.7 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2024-43581

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

CVSS: 7.1 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2024-43575

Windows Hyper-V Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-43573

Windows MSHTML Platform Spoofing Vulnerability

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-43571

Sudo for Windows Spoofing Vulnerability

CVSS: 5.6 CWE: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints View on NVD
Medium

CVE-2024-43570

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 6.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-43567

Windows Hyper-V Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-43565

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-43564

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43563

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2024-43562

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-43561

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-43560

Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-43559

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-43558

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-43557

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-43556

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-43555

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-43554

Windows Kernel-Mode Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer View on NVD
High

CVE-2024-43552

Windows Shell Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-43551

Windows Storage Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-43550

Windows Secure Channel Spoofing Vulnerability

CVSS: 7.4 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2024-43549

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-43547

Windows Kerberos Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-325 - Missing Cryptographic Step View on NVD
Medium

CVE-2024-43546

Windows Cryptographic Information Disclosure Vulnerability

CVSS: 5.6 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2024-43545

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-43543

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2024-43542

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-43540

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-43538

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-43537

Windows Mobile Broadband Driver Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-43536

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
High

CVE-2024-43535

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-43534

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-43529

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-43528

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43527

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-43526

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-43525

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-43524

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
Medium

CVE-2024-43523

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-43522

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43521

Windows Hyper-V Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-253 - Incorrect Check of Function Return Value View on NVD
Medium

CVE-2024-43520

Windows Kernel Denial of Service Vulnerability

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-43518

Windows Telephony Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43516

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-43514

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2024-43512

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-43511

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-43509

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-43508

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-43502

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2024-43501

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2024-43500

Windows Resilient File System (ReFS) Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2024-43456

Windows Remote Desktop Services Tampering Vulnerability

CVSS: 4.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-43453

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-38265

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-38262

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2024-38261

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-38212

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-38129

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-285 - Improper Authorization View on NVD
Critical

CVE-2024-38124

Windows Netlogon Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2024-38029

Microsoft OpenSSH for Windows Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2024-37983

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2024-37982

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2024-37979

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2024-37976

Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability

CVSS: 6.7 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-30092

Windows Hyper-V Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-20659

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-8926

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/a…

CVSS: 8.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2024-10-04
Medium

CVE-2024-25707

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted strin…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-10-03
Critical

CVE-2024-7826

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue af…

CVSS: 9.8 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Critical

CVE-2024-7825

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This…

CVSS: 9.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Critical

CVE-2024-7824

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This…

CVSS: 9.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Low

CVE-2024-0125

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A s…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Low

CVE-2024-0124

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A succ…

CVSS: 3.3 CWE: CWE-416 - Use After Free View on NVD
Low

CVE-2024-0123

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into runnin…

CVSS: 3.3 CWE: CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input View on NVD
2024-10-02
Medium

CVE-2024-47611

XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a com…

CVSS: 6.3 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
High

CVE-2024-44193

A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2024-8885

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-09-30
Critical

CVE-2024-9194

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affe…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2024-09-27
High

CVE-2024-7400

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissi…

CVSS: 8.5 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
2024-09-26
Medium

CVE-2024-6769

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allo…

CVSS: 6.7 CWE: CWE-426 - Untrusted Search Path View on NVD
Low

CVE-2024-9203

A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext…

CVSS: 2.5 CWE: CWE-316 - Cleartext Storage of Sensitive Information in Memory View on NVD
Medium

CVE-2024-8405

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incor…

CVSS: 6.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-8404

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local lo…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2024-09-25
High

CVE-2024-45750

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4…

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2024-8996

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

CVSS: 7.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
High

CVE-2024-8975

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r…

CVSS: 7.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
Medium

CVE-2024-7421

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2024-6594

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network acc…

CVSS: 7.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Critical

CVE-2024-6593

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This…

CVSS: 9.1 CWE: CWE-863 - Incorrect Authorization View on NVD
Critical

CVE-2024-6592

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Win…

CVSS: 9.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2024-7481

Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows…

CVSS: 8.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-7479

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an…

CVSS: 8.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-9120

Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-8067

In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.

CVSS: 5.8 CWE: CWE-176 - Improper Handling of Unicode Encoding View on NVD
2024-09-23
Medium

CVE-2024-39342

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process th…

CVSS: 6.6 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2024-46544

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure an…

CVSS: 5.9 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2024-8903

Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38…

CVSS: 4.7 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2024-09-18
High

CVE-2024-46796

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned -E…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD