CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 38/121 • 14516 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14516 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-10-11
Medium

CVE-2022-37974

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-37973

Windows Local Session Manager (LSM) Denial of Service Vulnerability

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2022-37971

Microsoft Windows Defender Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-37970

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-37965

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2022-35770

Windows NTLM Spoofing Vulnerability

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2022-34689

Windows CryptoAPI Spoofing Vulnerability

CVSS: 7.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2022-33645

Windows TCP/IP Driver Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-33635

Windows GDI+ Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-33634

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-30198

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-24504

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-22035

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2022-10-06
High

CVE-2022-26235

A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwri…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2022-09-30
High

CVE-2022-41975

RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-09-29
High

CVE-2022-40126

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

CVSS: 7.8 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-09-28
High

CVE-2022-40710

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Pleas…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Low

CVE-2022-40709

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected inst…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2022-40708

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected inst…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2022-40707

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected inst…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2022-3193

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-09-23
High

CVE-2022-22629

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 1…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-36521

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes f…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-35257

A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary com…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-41320

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Wind…

CVSS: 6.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
High

CVE-2022-40298

Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A lo…

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2022-09-19
Medium

CVE-2022-29835

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algo…

CVSS: 5.3 CWE: CWE-328 - Use of Weak Hash View on NVD
2022-09-14
Medium

CVE-2020-36603

The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-0029

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2022-09-13
High

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-34101

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege esca…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2022-35637

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management whe…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-38006

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-38005

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-38004

Windows Fax Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-37969

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-37964

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-37957

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-37956

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-37955

Windows Group Policy Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35841

Windows Enterprise App Management Service Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2022-35837

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-35833

Windows Secure Channel Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-35832

Windows Event Tracing Denial of Service Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-35831

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-35803

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-34729

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-34728

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-34725

Windows ALPC Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-34724

Windows DNS Server Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-34723

Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2022-34722

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2022-34721

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2022-34720

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-34719

Windows Distributed File System (DFS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2022-34718

Windows TCP/IP Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2022-34100

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure pr…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-33679

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2022-33647

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2022-30200

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-30196

Windows Secure Channel Denial of Service Vulnerability

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2022-30170

Windows Credential Roaming Service Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2022-26928

Windows Photo Import API Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2022-09-12
High

CVE-2022-36174

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled upda…

CVSS: 8.1 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
High

CVE-2021-44426

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Window…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2021-44425

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using th…

CVSS: 6.5 CWE: N/A View on NVD
2022-09-07
Medium

CVE-2022-36088

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the de…

CVSS: 5.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-36070

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the exe…

CVSS: 7.3 CWE: CWE-426 - Untrusted Search Path View on NVD
2022-09-06
Medium

CVE-2022-37771

IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privil…

CVSS: 6.7 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2022-36670

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and esca…

CVSS: 6.7 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2022-23678

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to int…

CVSS: 5.9 CWE: N/A View on NVD
High

CVE-2022-34883

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Sto…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2022-34882

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hi…

CVSS: 9.0 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
2022-08-30
Medium

CVE-2022-2330

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the at…

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-08-25
Medium

CVE-2022-23235

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Acti…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2022-32427

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileg…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-08-19
Low

CVE-2022-2788

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables att…

CVSS: 3.9 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Critical

CVE-2022-36220

Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2022-35167

Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions.

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2022-08-17
High

CVE-2022-28752

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerabilit…

CVSS: 8.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2022-08-16
Critical

CVE-2022-36344

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the aff…

CVSS: 9.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2022-08-15
High

CVE-2022-35822

Windows Defender Credential Guard Security Feature Bypass Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-34711

Windows Defender Credential Guard Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2022-38221

A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-08-12
Medium

CVE-2022-2622

Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.

CVSS: 6.5 CWE: N/A View on NVD
2022-08-11
Critical

CVE-2022-28755

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicio…

CVSS: 9.6 CWE: CWE-20 - Improper Input Validation View on NVD
2022-08-10
Critical

CVE-2022-37002

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-08-09
High

CVE-2022-35820

Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-35797

Windows Hello Security Feature Bypass Vulnerability

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2022-35795

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35794

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2022-35793

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2022-35771

Windows Defender Credential Guard Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-35769

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2022-35768

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-35767

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2022-35766

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2022-35761

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2022-34715

Windows Network File System Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2022-34714

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-34712

Windows Defender Credential Guard Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-34710

Windows Defender Credential Guard Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2022-34709

Windows Defender Credential Guard Security Feature Bypass Vulnerability

CVSS: 6.0 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2022-34708

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-34707

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-34706

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-34705

Windows Defender Credential Guard Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-34704

Windows Defender Credential Guard Information Disclosure Vulnerability

CVSS: 4.7 CWE: CWE-203 - Observable Discrepancy View on NVD
High

CVE-2022-34703

Windows Partition Management Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-34702

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-34701

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2022-34699

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-34696

Windows Hyper-V Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-34690

Windows Fax Service Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2022-33670

Windows Partition Management Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-30197

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-30194

Windows WebBrowser Control Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD