CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 24/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-07-09
High

CVE-2024-4944

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2024-07-08
Critical

CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged…

CVSS: 9.8 CWE: CWE-283 - Unverified Ownership View on NVD
2024-07-04
Critical

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connectio…

CVSS: 9.9 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2024-07-02
High

CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a di…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2024-25087

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.

CVSS: 5.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-22105

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.

CVSS: 5.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2024-22104

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-22103

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-22102

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-51778

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-51777

Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2024-38519

`yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitra…

CVSS: 7.8 CWE: CWE-669 - Incorrect Resource Transfer Between Spheres View on NVD
High

CVE-2024-4679

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Wi…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-07-01
High

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which…

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerabi…

CVSS: 7.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2024-36984

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attack…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache T…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-06-28
High

CVE-2024-39708

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to…

CVSS: 7.0 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2024-06-27
High

CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path…

CVSS: 7.5 CWE: CWE-36 - Absolute Path Traversal View on NVD
Critical

CVE-2024-3330

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerabil…

CVSS: 9.9 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2024-06-26
High

CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM da…

CVSS: 7.2 CWE: CWE-1262 - Improper Access Control for Register Interface View on NVD
Medium

CVE-2024-38272

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the us…

CVSS: 4.3 CWE: CWE-294 - Authentication Bypass by Capture-replay View on NVD
2024-06-25
High

CVE-2024-37742

Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising…

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-5012

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Window…

CVSS: 8.6 CWE: CWE-287 - Improper Authentication View on NVD
2024-06-20
Medium

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search…

CVSS: 6.3 CWE: CWE-426 - Untrusted Search Path View on NVD
2024-06-18
High

CVE-2024-22002

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory.

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2024-06-17
Medium

CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings…

CVSS: 4.7 CWE: CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer View on NVD
2024-06-14
Medium

CVE-2024-34012

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.

CVSS: 4.4 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-06-13
Critical

CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful…

CVSS: 9.0 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
Medium

CVE-2024-0092

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.

CVSS: 5.5 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD
High

CVE-2024-0091

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability…

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of serv…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-0089

NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lea…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2024-0085

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2024-06-12
Medium

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain col…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a special…

CVSS: 5.3 CWE: CWE-399 View on NVD
Medium

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 28…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-5909

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by mal…

CVSS: 5.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-5907

A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does requ…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2024-5905

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, the…

CVSS: 4.4 CWE: CWE-346 - Origin Validation Error View on NVD
Critical

CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-st…

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-06-11
High

CVE-2024-35265

Windows Perception Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-30099

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2024-30096

Windows Cryptographic Services Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2024-30095

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30094

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30093

Windows Storage Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-30088

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-30086

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30085

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30084

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-30083

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-30078

Windows Wi-Fi Driver Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-30077

Windows OLE Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-30076

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-30075

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30074

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-30069

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 4.7 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2024-30068

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-30065

Windows Themes Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-30064

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2024-30063

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVSS: 6.7 CWE: CWE-641 - Improper Restriction of Names for Files and Other Resources View on NVD
High

CVE-2024-30062

Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-26330

An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the…

CVSS: 6.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2024-5692

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in…

CVSS: 6.5 CWE: N/A View on NVD
Low

CVE-2023-38533

A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow an…

CVSS: 3.3 CWE: CWE-379 - Creation of Temporary File in Directory with Insecure Permissions View on NVD
2024-06-10
High

CVE-2024-5102

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulne…

CVSS: 7.0 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2024-34332

An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-06-09
Critical

CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" b…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that…

CVSS: 5.9 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2024-5585

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_ope…

CVSS: 7.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2024-06-07
High

CVE-2024-5732

A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper a…

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-1…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2024-06-06
High

CVE-2024-4881

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to imprope…

CVSS: 7.5 CWE: CWE-36 - Absolute Path Traversal View on NVD
Critical

CVE-2024-3429

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This…

CVSS: 9.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Medium

CVE-2024-37364

Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII),…

CVSS: 6.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-2548

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/se…

CVSS: 7.5 CWE: CWE-36 - Absolute Path Traversal View on NVD
Critical

CVE-2024-2362

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker ca…

CVSS: 9.1 CWE: CWE-36 - Absolute Path Traversal View on NVD
High

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows us…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to n…

CVSS: 4.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2024-05-31
High

CVE-2023-38042

A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2024-05-28
Medium

CVE-2024-30164

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS,…

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-2451

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via e…

CVSS: 6.4 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2024-05-27
Medium

CVE-2024-35236

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-05-24
Medium

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted conne…

CVSS: 6.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2024-05-23
Medium

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary…

CVSS: 5.4 CWE: CWE-67 - Improper Handling of Windows Device Names View on NVD
2024-05-22
High

CVE-2024-29853

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

CVSS: 7.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2024-36077

Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role,…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-33228

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL reques…

CVSS: 8.4 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2024-05-21
High

CVE-2024-31757

An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-36052

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

CVSS: 7.5 CWE: CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences View on NVD
Medium

CVE-2024-1721

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.

CVSS: 5.6 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2023-52751

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in smb2_query_info_compound() The following UAF was triggered when running fstests generic/072 wi…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2024-05-17
Medium

CVE-2024-23583

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.

CVSS: 6.7 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2024-3292

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the executio…

CVSS: 8.2 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-3291

When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2024-3290

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of a…

CVSS: 8.2 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-3289

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for l…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2024-5055

Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in reso…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-05-16
Medium

CVE-2023-47859

Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-46691

Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 7.9 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-45845

Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access.

CVSS: 4.4 CWE: CWE-92 View on NVD
Medium

CVE-2023-45736

Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: CWE-277 - Insecure Inherited Permissions View on NVD
High

CVE-2023-45217

Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-43751

Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticat…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-42773

Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 8.8 CWE: CWE-707 - Improper Neutralization View on NVD
Medium

CVE-2023-41234

NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-40536

Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS: 4.3 CWE: CWE-421 - Race Condition During Access to Alternate Channel View on NVD
High

CVE-2023-38654

Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent…

CVSS: 8.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-38581

Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 8.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked pla…

CVSS: 4.9 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2024-05-15
Medium

CVE-2024-27244

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-3892

A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute ar…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Low

CVE-2023-5937

On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration fil…

CVSS: 3.8 CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory View on NVD
2024-05-14
High

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automa…

CVSS: 7.2 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-30051

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-30050

Windows Mark of the Web Security Feature Bypass Vulnerability

CVSS: 5.4 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2024-30049

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD