CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 31/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-08-11
Medium

CVE-2023-3937

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-3864

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands…

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2023-34355

Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authen…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-28714

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of priv…

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-28385

Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.

CVSS: 8.2 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2023-25773

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local ac…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-08-10
Medium

CVE-2023-30702

Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy boo…

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-30695

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galax…

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-08-09
Medium

CVE-2023-35838

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an advers…

CVSS: 5.7 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
2023-08-08
Critical

CVE-2023-39213

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network acc…

CVSS: 9.6 CWE: CWE-176 - Improper Handling of Unicode Encoding View on NVD
High

CVE-2023-39212

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.

CVSS: 7.9 CWE: CWE-144 - Improper Neutralization of Line Delimiters View on NVD
High

CVE-2023-39211

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

CVSS: 8.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Medium

CVE-2023-39210

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.

CVSS: 5.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
Medium

CVE-2023-39209

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.

CVSS: 5.9 CWE: CWE-449 - The UI Performs the Wrong Action View on NVD
Critical

CVE-2023-39216

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

CVSS: 9.6 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
High

CVE-2023-38186

Windows Mobile Device Management Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2023-38184

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-38175

Microsoft Windows Defender Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-38154

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-36914

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-36908

Windows Hyper-V Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2023-36907

Windows Cryptographic Services Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-170 - Improper Null Termination View on NVD
Medium

CVE-2023-36906

Windows Cryptographic Services Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-170 - Improper Null Termination View on NVD
Medium

CVE-2023-36905

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-36904

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-36903

Windows System Assessment Tool Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-36900

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-36898

Tablet Windows User Interface Application Core Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2023-36889

Windows Group Policy Security Feature Bypass Vulnerability

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-36541

Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.

CVSS: 8.0 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2023-36540

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 7.3 CWE: CWE-426 - Untrusted Search Path View on NVD
Critical

CVE-2023-36534

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-35387

Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-35386

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-35384

Windows HTML Platforms Security Feature Bypass Vulnerability

CVSS: 5.4 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2023-35382

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-35381

Windows Fax Service Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-35380

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-35378

Windows Projected File System Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-35359

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-23 - Relative Path Traversal View on NVD
Medium

CVE-2023-20561

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-20556

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to d…

CVSS: 5.5 CWE: N/A View on NVD
2023-08-04
Critical

CVE-2023-39143

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device inte…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-08-03
Medium

CVE-2023-25524

NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacke…

CVSS: 4.0 CWE: CWE-598 - Use of HTTP Request With Sensitive Query String View on NVD
High

CVE-2023-4136

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affe…

CVSS: 7.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is con…

CVSS: 7.4 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2023-08-02
High

CVE-2023-36858

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which h…

CVSS: 7.1 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2023-08-01
Medium

CVE-2023-4054

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vuln…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-4052

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling…

CVSS: 6.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2023-07-29
High

CVE-2023-2313

Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a mal…

CVSS: 8.8 CWE: N/A View on NVD
2023-07-28
High

CVE-2023-2685

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up…

CVSS: 7.2 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2023-07-25
Medium

CVE-2023-3897

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affe…

CVSS: 4.8 CWE: CWE-203 - Observable Discrepancy View on NVD
Critical

CVE-2023-32232

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. T…

CVSS: 9.9 CWE: N/A View on NVD
Critical

CVE-2023-32231

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the…

CVSS: 9.9 CWE: N/A View on NVD
2023-07-24
High

CVE-2023-26077

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-26078

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.

CVSS: 7.8 CWE: N/A View on NVD
2023-07-21
High

CVE-2023-35077

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-25841

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted c…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-07-19
High

CVE-2023-25839

There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back…

CVSS: 7.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-07-18
Medium

CVE-2023-22017

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulner…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-34143

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Ma…

CVSS: 5.6 CWE: CWE-297 - Improper Validation of Certificate with Host Mismatch View on NVD
Critical

CVE-2023-34142

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Intercep…

CVSS: 9.0 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2022-4146

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

CVSS: 7.3 CWE: CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') View on NVD
2023-07-17
Critical

CVE-2023-26512

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send contro…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2023-35012

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user…

CVSS: 6.7 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2023-07-14
High

CVE-2023-3633

An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.

CVSS: 8.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-3434

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-3514

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with t…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-3513

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with t…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-07-13
Medium

CVE-2023-37849

A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.e…

CVSS: 6.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-07-12
Critical

CVE-2023-26563

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-07-11
High

CVE-2023-24491

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the v…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-36884

Windows Search Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-36874

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2023-36868

Azure Service Fabric on Windows Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-36538

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 8.4 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-36537

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 7.3 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
High

CVE-2023-36536

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 8.2 CWE: CWE-426 - Untrusted Search Path View on NVD
Critical

CVE-2023-35367

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-35366

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-35365

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-35364

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-35363

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-35362

Windows Clip Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-35361

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-35360

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-35358

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-35357

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-35356

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2023-35352

Windows Remote Desktop Security Feature Bypass Vulnerability

CVSS: 7.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2023-35351

Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-35350

Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-35346

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-35345

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-35344

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-35343

Windows Geolocation Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-35342

Windows Image Acquisition Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-35340

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-35339

Windows CryptoAPI Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-35338

Windows Peer Name Resolution Protocol Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-35336

Windows MSHTML Platform Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-35332

Windows Remote Desktop Protocol Security Feature Bypass

CVSS: 6.8 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
Medium

CVE-2023-35331

Windows Local Security Authority (LSA) Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-35330

Windows Extended Negotiation Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-35329

Windows Authentication Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-35328

Windows Transaction Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
Medium

CVE-2023-35326

Windows CDP User Components Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2023-35325

Windows Print Spooler Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2023-35323

Windows OLE Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-35322

Windows Deployment Services Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2023-35321

Windows Deployment Services Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-170 - Improper Null Termination View on NVD
High

CVE-2023-35317

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-35315

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-35313

Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-35310

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-35308

Windows MSHTML Platform Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2023-35305

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-35304

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-35299

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-35297

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD