CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 34/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-04-11
High

CVE-2023-28297

Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-28293

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2023-28278

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-28277

Windows DNS Server Information Disclosure Vulnerability

CVSS: 4.9 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-28276

Windows Group Policy Security Feature Bypass Vulnerability

CVSS: 4.4 CWE: N/A View on NVD
High

CVE-2023-28274

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-28273

Windows Clip Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-28272

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2023-28271

Windows Kernel Memory Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2023-28270

Windows Lock Screen Security Feature Bypass Vulnerability

CVSS: 6.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-28269

Windows Boot Manager Security Feature Bypass Vulnerability

CVSS: 6.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-28266

Windows Common Log File System Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-28256

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-28255

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-28254

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-28253

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2023-28252

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2023-28250

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2023-28249

Windows Boot Manager Security Feature Bypass Vulnerability

CVSS: 6.2 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-28248

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-28247

Windows Network File System Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-28246

Windows Registry Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-28244

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
High

CVE-2023-28241

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-28240

Windows Network Load Balancing Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-28238

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-28237

Windows Kernel Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-28236

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-28235

Windows Lock Screen Security Feature Bypass Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2023-28234

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-28233

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-28232

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-28229

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-28228

Windows Spoofing Vulnerability

CVSS: 5.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2023-28227

Windows Bluetooth Driver Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-28226

Windows Enroll Engine Security Feature Bypass Vulnerability

CVSS: 5.3 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2023-28225

Windows NTLM Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-28224

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

CVSS: 7.1 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
Medium

CVE-2023-28223

Windows Domain Name Service Remote Code Execution Vulnerability

CVSS: 6.6 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-28222

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-28221

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-28218

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-28217

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-28216

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2023-24931

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-24912

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-1939

No access control for the OTP key   on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allow…

CVSS: 4.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in…

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2022-42470

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands vi…

CVSS: 7.8 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2022-40682

A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a cr…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC…

CVSS: 6.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-22282

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a c…

CVSS: 7.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
Medium

CVE-2023-29187

A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administ…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2023-27497

Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diag…

CVSS: 10.0 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

CVSS: 5.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-38604

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2023-04-06
High

CVE-2023-0652

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge…

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2023-04-05
Medium

CVE-2023-20123

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to repla…

CVSS: 6.3 CWE: CWE-294 - Authentication Bypass by Capture-replay View on NVD
High

CVE-2023-1412

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context…

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2023-04-04
High

CVE-2022-48226

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain e…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-04-03
Medium

CVE-2023-0977

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the s…

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2023-0975

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be exe…

CVSS: 8.2 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2023-04-02
Medium

CVE-2023-1574

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to…

CVSS: 6.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2023-04-01
Low

CVE-2023-0195

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportan…

CVSS: 2.0 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
Low

CVE-2023-0194

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.

CVSS: 2.0 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
Medium

CVE-2023-0192

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.

CVSS: 4.7 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-0191

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.

CVSS: 7.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-0188

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-0187

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-0186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering.

CVSS: 6.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-0182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-0181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and da…

CVSS: 7.1 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2023-03-30
High

CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application…

CVSS: 7.8 CWE: N/A View on NVD
2023-03-29
High

CVE-2021-41526

A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has a…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-1656

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stol…

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their p…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2023-0213

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.

CVSS: 8.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-03-28
Medium

CVE-2022-47529

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to eith…

CVSS: 6.7 CWE: N/A View on NVD
2023-03-27
Critical

CVE-2022-4126

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.

CVSS: 9.6 CWE: CWE-1393 - Use of Default Password View on NVD
2023-03-23
High

CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privile…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-03-22
High

CVE-2023-28433

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary o…

CVSS: 8.8 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Medium

CVE-2023-28005

A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Se…

CVSS: 6.8 CWE: N/A View on NVD
2023-03-21
Medium

CVE-2023-25134

McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in…

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2023-1314

A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges o…

CVSS: 7.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2023-03-16
High

CVE-2023-22883

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain d…

CVSS: 7.2 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2023-22880

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A…

CVSS: 6.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-03-14
High

CVE-2023-24910

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-24880

Windows SmartScreen Security Feature Bypass Vulnerability

CVSS: 4.4 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-24871

Windows Bluetooth Service Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-24862

Windows Secure Channel Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-24861

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-24859

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-23423

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-23422

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-23421

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-23420

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-23419

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-23418

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-23417

Windows Partition Management Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-23416

Windows Cryptographic Services Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-23414

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

CVSS: 7.1 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-23412

Windows Accounts Picture Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-23411

Windows Hyper-V Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-23410

Windows HTTP.sys Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-23407

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

CVSS: 7.1 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-23404

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-23402

Windows Media Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2023-23401

Windows Media Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
High

CVE-2023-23400

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-23393

Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-23388

Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
High

CVE-2023-23385

Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-03-13
High

CVE-2023-0629

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linu…

CVSS: 7.1 CWE: CWE-424 - Improper Protection of Alternate Path View on NVD
2023-03-07
Medium

CVE-2023-1217

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informat…

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-1003

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code inj…

CVSS: 5.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2023-03-06
Critical

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Director…

CVSS: 9.8 CWE: CWE-328 - Use of Weak Hash View on NVD
Medium

CVE-2022-44875

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-03-02
Medium

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a…

CVSS: 4.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2023-02-28
Medium

CVE-2022-23240

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-23239

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD