CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 29/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-11-14
High

CVE-2023-36425

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36424

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-36422

Microsoft Windows Defender Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-36408

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36407

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-36406

Windows Hyper-V Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-36405

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2023-36404

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-36403

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-36400

Windows HMAC Key Derivation Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36399

Windows Storage Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2023-36398

Windows NTFS Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Critical

CVE-2023-36397

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-36396

Windows Compressed Folder Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-41 - Improper Resolution of Path Equivalence View on NVD
High

CVE-2023-36395

Windows Deployment Services Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-36394

Windows Search Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36393

Windows User Interface Application Core Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-36047

Windows Authentication Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36046

Windows Authentication Denial of Service Vulnerability

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36036

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36033

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-36025

Windows SmartScreen Security Feature Bypass Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2023-36017

Windows Scripting Engine Memory Corruption Vulnerability

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2023-33304

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials.

CVSS: 4.4 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2023-11-09
Medium

CVE-2023-45284

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by supe…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2023-45283

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-11-08
High

CVE-2023-47113

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2023-46756

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVSS: 5.3 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-11-06
High

CVE-2023-5719

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a…

CVSS: 8.8 CWE: CWE-158 - Improper Neutralization of Null Byte or NUL Character View on NVD
Critical

CVE-2023-5964

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows…

CVSS: 9.9 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-45163

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted…

CVSS: 9.9 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-45161

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted in…

CVSS: 9.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-4996

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted packa…

CVSS: 6.6 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be bloc…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-11-03
High

CVE-2023-3893

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2023-11-02
High

CVE-2023-31027

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may l…

CVSS: 8.2 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2023-31026

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

CVSS: 6.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-31023

NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.

CVSS: 5.5 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2023-31022

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-31021

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may le…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-31020

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or d…

CVSS: 6.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-31019

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-31018

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-31017

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vuln…

CVSS: 7.8 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2023-31016

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of s…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-46695

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is s…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2023-11-01
Critical

CVE-2023-5766

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a s…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2023-5765

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2023-5847

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-31
High

CVE-2023-3955

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-3676

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-5739

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-37243

The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability fo…

CVSS: 7.8 CWE: CWE-379 - Creation of Temporary File in Directory with Insecure Permissions View on NVD
2023-10-30
Medium

CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not…

CVSS: 5.8 CWE: CWE-114 - Process Control View on NVD
2023-10-27
Low

CVE-2023-5834

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

CVSS: 3.8 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
High

CVE-2023-46290

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2023-44220

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a loc…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-44219

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges throug…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-26
High

CVE-2023-5622

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.

CVSS: 7.1 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-25
Medium

CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-5671

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-23
Medium

CVE-2023-28803

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector:…

CVSS: 5.9 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2023-28797

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.

CVSS: 6.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2021-26736

Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-26735

The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.

CVSS: 6.7 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2021-26734

Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated con…

CVSS: 4.4 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-19
Medium

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Reg…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2023-45883

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-17
High

CVE-2023-37537

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
Medium

CVE-2022-3761

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contai…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2023-40373

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-40372

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
2023-10-16
Medium

CVE-2023-40374

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-30991

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-38740

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-38720

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30987

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-45689

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-45687

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an admin…

CVSS: 8.8 CWE: CWE-384 - Session Fixation View on NVD
Critical

CVE-2023-45685

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any l…

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-10-14
Medium

CVE-2023-45176

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.…

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
2023-10-11
Medium

CVE-2023-44689

e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for cus…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2023-10-10
Medium

CVE-2023-42794

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in pro…

CVSS: 5.9 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2023-41766

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-38159

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-36902

Windows Runtime Remote Code Execution Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36790

Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-36726

Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36725

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-36724

Windows Power Management Service Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2023-36723

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36721

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-36720

Windows Mixed Reality Developer Tools Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2023-36717

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2023-36713

Windows Common Log File System Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2023-36712

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-36711

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36710

Windows Media Foundation Core Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
Medium

CVE-2023-36707

Windows Deployment Services Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-36706

Windows Deployment Services Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-36704

Windows Setup Files Cleanup Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2023-36698

Windows Kernel Security Feature Bypass Vulnerability

CVSS: 4.4 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-36605

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

CVSS: 7.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-36603

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-36602

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-36594

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2023-36585

Windows upnphost.dll Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-36584

Windows Mark of the Web Security Feature Bypass Vulnerability

CVSS: 5.4 CWE: N/A View on NVD
Medium

CVE-2023-36576

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-36567

Windows Deployment Services Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2023-36564

Windows Search Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-36438

Windows TCP/IP Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-36436

Windows MSHTML Platform Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2023-36434

Windows IIS Server Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
High

CVE-2023-29348

Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2023-37939

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all vers…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-10-09
High

CVE-2023-45248

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows)…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acro…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
2023-10-06
Medium

CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read…

CVSS: 5.2 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD