CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 32/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-07-11
High

CVE-2023-34119

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 8.2 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-34118

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

CVSS: 7.3 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
Medium

CVE-2023-33174

Windows Cryptographic Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-33163

Windows Network Load Balancing Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-33155

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-33154

Windows Partition Management Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-32056

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32053

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32050

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32049

Windows SmartScreen Security Feature Bypass Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2023-32046

Windows MSHTML Platform Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2023-32043

Windows Remote Desktop Security Feature Bypass Vulnerability

CVSS: 6.8 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
Medium

CVE-2023-32041

Windows Update Orchestrator Service Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2023-32037

Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-29347

Windows Admin Center Spoofing Vulnerability

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-21756

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21526

Windows Netlogon Information Disclosure Vulnerability

CVSS: 7.4 CWE: N/A View on NVD
High

CVE-2023-34116

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.

CVSS: 8.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2023-33990

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local sys…

CVSS: 7.8 CWE: CWE-277 - Insecure Inherited Permissions View on NVD
2023-07-10
High

CVE-2023-30449

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30448

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30447

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30446

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-30445

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30442

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper us…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-30431

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the b…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-29256

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features…

CVSS: 5.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-27869

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injecti…

CVSS: 6.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-27868

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instanti…

CVSS: 6.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-27867

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted r…

CVSS: 6.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-27558

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vuln…

CVSS: 8.4 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-23487

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2021-42079

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. POC Step 1: Prepare the SSRF with a request like this: GE…

CVSS: 6.2 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-07-06
Medium

CVE-2023-30672

Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.

CVSS: 6.8 CWE: N/A View on NVD
2023-07-05
Medium

CVE-2023-35863

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a hand…

CVSS: 5.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2023-07-04
Low

CVE-2023-25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2023-07-03
Medium

CVE-2023-3438

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to in…

CVSS: 4.4 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2023-06-29
Critical

CVE-2023-31222

Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-06-28
High

CVE-2023-20178

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated,…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-06-27
Medium

CVE-2023-2818

An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents fo…

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2023-06-26
High

CVE-2023-36631

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab.…

CVSS: 7.8 CWE: N/A View on NVD
2023-06-25
High

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3…

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-06-23
High

CVE-2023-32353

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-32351

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-25515

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data…

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2023-28065

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potential…

CVSS: 6.7 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
Medium

CVE-2023-28071

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could pote…

CVSS: 6.3 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
2023-06-22
High

CVE-2023-35174

Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and trigger…

CVSS: 8.6 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2023-33842

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive informat…

CVSS: 6.2 CWE: N/A View on NVD
2023-06-20
High

CVE-2023-1862

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This w…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-06-19
Medium

CVE-2022-48491

Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug…

CVSS: 6.5 CWE: N/A View on NVD
Critical

CVE-2023-29542

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental ex…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-32214

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnera…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced a…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2023-34642

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the fun…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2023-34641

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the fun…

CVSS: 7.8 CWE: N/A View on NVD
2023-06-16
Critical

CVE-2023-34157

Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.

CVSS: 10.0 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2023-34154

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system…

CVSS: 8.2 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2023-06-15
High

CVE-2022-4149

The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created…

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2023-06-14
Medium

CVE-2023-34367

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Id…

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2023-2976

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps…

CVSS: 5.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2023-0009

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

CVSS: 7.8 CWE: CWE-807 - Reliance on Untrusted Inputs in a Security Decision View on NVD
Medium

CVE-2023-0837

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device setting…

CVSS: 6.6 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-24937

Windows CryptoAPI Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-32022

Windows Server Service Security Feature Bypass Vulnerability

CVSS: 7.6 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2023-32021

Windows SMB Witness Service Security Feature Bypass Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2023-32020

Windows DNS Spoofing Vulnerability

CVSS: 5.6 CWE: CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action View on NVD
Medium

CVE-2023-32019

Windows Kernel Information Disclosure Vulnerability

CVSS: 4.7 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2023-32018

Windows Hello Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-32016

Windows Installer Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Critical

CVE-2023-32015

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2023-32014

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2023-32013

Windows Hyper-V Denial of Service Vulnerability

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-32012

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32011

Windows iSCSI Discovery Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-32010

Windows Bus Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-32009

Windows Collaborative Translation Framework Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-32008

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-29371

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-29370

Windows Media Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-29368

Windows Filtering Platform Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-415 - Double Free View on NVD
High

CVE-2023-29366

Windows Geolocation Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2023-29365

Windows Media Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-29364

Windows Authentication Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2023-29363

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-29361

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-29358

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-29353

Sysinternals Process Monitor for Windows Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-29352

Windows Remote Desktop Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2023-29351

Windows Group Policy Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2023-24938

Windows CryptoAPI Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2023-06-13
High

CVE-2023-34114

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS: 7.4 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2023-34121

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via…

CVSS: 4.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-34120

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privi…

CVSS: 8.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Low

CVE-2023-28602

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous vers…

CVSS: 2.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2023-28601

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buf…

CVSS: 8.3 CWE: CWE-358 - Improperly Implemented Security Check for Standard View on NVD
Low

CVE-2023-28303

Windows Snipping Tool Information Disclosure Vulnerability

CVSS: 3.3 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
Low

CVE-2023-28829

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SI…

CVSS: 3.9 CWE: CWE-477 - Use of Obsolete Function View on NVD
High

CVE-2022-33877

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0…

CVSS: 7.0 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-06-12
Critical

CVE-2023-32674

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2023-32673

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

CVSS: 9.8 CWE: N/A View on NVD
2023-06-09
High

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.

CVSS: 7.1 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2023-06-08
Medium

CVE-2023-34243

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing…

CVSS: 5.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-06-07
Medium

CVE-2022-31693

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest…

CVSS: 5.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2023-06-02
Medium

CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-25740

After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This a…

CVSS: 8.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2023-25738

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-25734

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This…

CVSS: 8.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2023-05-31
Medium

CVE-2022-35759

Windows Local Security Authority (LSA) Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-35758

Windows Kernel Memory Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-35757

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2022-35756

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35755

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2022-35753

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2022-35752

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2022-35751

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35749

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-35747

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

CVSS: 5.9 CWE: N/A View on NVD
High

CVE-2022-35746

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD