CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 35/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-02-28
High

CVE-2022-41722

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transf…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2022-3884

Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-02-24
Medium

CVE-2023-1004

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The man…

CVSS: 5.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2023-02-23
Critical

CVE-2023-24205

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml).

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2023-02-22
High

CVE-2023-0932

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corrupt…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2023-02-21
Medium

CVE-2022-48282

Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is…

CVSS: 6.6 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-02-17
Medium

CVE-2023-26020

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects…

CVSS: 5.7 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2022-43930

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.

CVSS: 6.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-43929

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

CVSS: 4.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-43927

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID:…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-32972

Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-0882

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16.

CVSS: 8.8 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2023-02-16
Medium

CVE-2022-37340

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2022-27808

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalat…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-34849

Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.

CVSS: 4.4 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2022-30531

Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-24485

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-24483

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-02-15
Critical

CVE-2023-23459

Priority Windows may allow Command Execution via SQL Injection using an unspecified method.

CVSS: 9.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-02-14
High

CVE-2023-23618

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current direct…

CVSS: 8.6 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-22743

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living ne…

CVSS: 7.2 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2023-21823

Windows Graphics Component Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-23376

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-21822

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21820

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVSS: 7.4 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-21819

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-21818

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21817

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2023-21816

Windows Active Directory Domain Services API Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21813

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-21812

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-21811

Windows iSCSI Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2023-21805

Windows MSHTML Platform Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-21804

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2023-21803

Windows iSCSI Discovery Service Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-21802

Windows Media Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-21800

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2023-21702

Windows iSCSI Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-21700

Windows iSCSI Discovery Service Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-21699

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-21697

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability

CVSS: 6.2 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2023-21694

Windows Fax Service Remote Code Execution Vulnerability

CVSS: 6.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-02-13
High

CVE-2022-45455

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) befor…

CVSS: 7.8 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2022-45454

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 3…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-02-12
High

CVE-2022-38396

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the res…

CVSS: 7.8 CWE: N/A View on NVD
2023-02-10
Medium

CVE-2023-24816

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subj…

CVSS: 4.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-23698

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentia…

CVSS: 5.5 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
2023-02-09
Critical

CVE-2022-43550

A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL wh…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2023-24815

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating…

CVSS: 4.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execComma…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2023-02-08
High

CVE-2022-38777

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-0002

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

CVSS: 5.5 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2023-0001

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, whic…

CVSS: 6.0 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2023-02-06
Medium

CVE-2022-38136

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-02-02
Medium

CVE-2023-0400

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into…

CVSS: 5.9 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
2023-02-01
High

CVE-2023-22358

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Supp…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2023-22283

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit th…

CVSS: 6.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitori…

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Produc…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS…

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of r…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2023-01-31
Critical

CVE-2022-28331

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-01-29
Medium

CVE-2021-46873

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticate…

CVSS: 5.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2023-01-27
Medium

CVE-2022-47632

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious…

CVSS: 6.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-01-26
High

CVE-2022-45770

Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-48199

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2022-38775

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-38774

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalS…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-01-23
Low

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-24068

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modificatio…

CVSS: 7.8 CWE: N/A View on NVD
2023-01-18
Medium

CVE-2023-21899

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnera…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2023-21898

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnera…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2023-21893

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticat…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2023-21885

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnera…

CVSS: 3.8 CWE: N/A View on NVD
2023-01-17
High

CVE-2022-41953

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone reposito…

CVSS: 8.6 CWE: CWE-426 - Untrusted Search Path View on NVD
2023-01-16
High

CVE-2022-4258

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2023-01-11
High

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-01-10
Medium

CVE-2023-21776

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-21774

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21773

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21772

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-21771

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-21768

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-21767

Windows Overlay Filter Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-21766

Windows Overlay Filter Information Disclosure Vulnerability

CVSS: 4.7 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-21765

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-21760

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Low

CVE-2023-21759

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2023-21758

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-21757

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-21755

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21754

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2023-21753

Event Tracing for Windows Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2023-21752

Windows Backup Service Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-21750

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-21749

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21748

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-21747

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21746

Windows NTLM Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-21739

Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-21733

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-21728

Windows Netlogon Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-21726

Windows Credential Manager User Interface Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-257 - Storing Passwords in a Recoverable Format View on NVD
Medium

CVE-2023-21725

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

CVSS: 6.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-21683

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-21682

Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-21680

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21679

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21678

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-21677

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-21676

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2023-21675

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2023-21674

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-21560

Windows Boot Manager Security Feature Bypass Vulnerability

CVSS: 6.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-21559

Windows Cryptographic Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21558

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21557

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-21556

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-21555

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-21552

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD