About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14516 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

2022-08-09
High

CVE-2022-30144

Windows Bluetooth Service Remote Code Execution Vulnerability

Critical

CVE-2022-30133

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

2022-08-05
High

CVE-2022-27535

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated atta…

2022-08-01
High

CVE-2022-31179

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on Windows. This impacts users that use Shescape (any API function) to esc…

2022-07-28
High

CVE-2022-36985

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivi…

High

CVE-2022-2162

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

Medium

CVE-2022-2160

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitiv…

Medium

CVE-2022-34009

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product…

2022-07-27
High

CVE-2022-34121

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.

High

CVE-2022-2313

A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a maliciou…

2022-07-23
High

CVE-2022-36415

A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a…

Medium

CVE-2022-36414

There is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Beyond Compare 4.2.0 through 4.4.2 before 4.4.3. Affected versions allow a logged-in user to run appl…

Medium

CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

2022-07-21
Medium

CVE-2022-28877

This vulnerability allows a local user to delete an arbitrary file in the system and bypass security protection, which can be abused for local privilege escalation on affected F-Secure & WithSecure wind…

2022-07-20
High

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious progr…

2022-07-19
Medium

CVE-2022-1984

This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate p…

2022-07-18
High

CVE-2021-41031

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their pri…

High

CVE-2021-42923

ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. T…

2022-07-15
High

CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

2022-07-14
High

CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windo…

2022-07-12
High

CVE-2022-30226

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-30225

Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability

High

CVE-2022-30224

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Medium

CVE-2022-30223

Windows Hyper-V Information Disclosure Vulnerability

High

CVE-2022-30222

Windows Shell Remote Code Execution Vulnerability

High

CVE-2022-30221

Windows Graphics Component Remote Code Execution Vulnerability

High

CVE-2022-30220

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2022-30216

Windows Server Service Tampering Vulnerability

Medium

CVE-2022-30214

Windows DNS Server Remote Code Execution Vulnerability

Medium

CVE-2022-30213

Windows GDI+ Information Disclosure Vulnerability

Medium

CVE-2022-30212

Windows Connected Devices Platform Service Information Disclosure Vulnerability

High

CVE-2022-30211

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

High

CVE-2022-30209

Windows IIS Server Elevation of Privilege Vulnerability

Medium

CVE-2022-30208

Windows Security Account Manager (SAM) Denial of Service Vulnerability

High

CVE-2022-30206

Windows Print Spooler Elevation of Privilege Vulnerability

Medium

CVE-2022-30205

Windows Group Policy Elevation of Privilege Vulnerability

High

CVE-2022-30203

Windows Boot Manager Security Feature Bypass Vulnerability

High

CVE-2022-30202

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Medium

CVE-2022-22711

Windows BitLocker Information Disclosure Vulnerability

High

CVE-2022-22050

Windows Fax Service Elevation of Privilege Vulnerability

High

CVE-2022-22049

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-22047

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-22045

Windows.Devices.Picker.dll Elevation of Privilege Vulnerability

High

CVE-2022-22043

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability

Medium

CVE-2022-22042

Windows Hyper-V Information Disclosure Vulnerability

Medium

CVE-2022-22041

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-22039

Windows Network File System Remote Code Execution Vulnerability

High

CVE-2022-22037

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

High

CVE-2022-22036

Performance Counters for Windows Elevation of Privilege Vulnerability

High

CVE-2022-22034

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2022-22031

Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability

High

CVE-2022-22029

Windows Network File System Remote Code Execution Vulnerability

Medium

CVE-2022-22028

Windows Network File System Information Disclosure Vulnerability

High

CVE-2022-22027

Windows Fax Service Remote Code Execution Vulnerability

High

CVE-2022-22026

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

High

CVE-2022-22025

Windows Internet Information Services Cachuri Module Denial of Service Vulnerability

High

CVE-2022-22024

Windows Fax Service Remote Code Execution Vulnerability

Medium

CVE-2022-22023

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability

High

CVE-2022-22022

Windows Print Spooler Elevation of Privilege Vulnerability

Medium

CVE-2022-21845

Windows Kernel Information Disclosure Vulnerability

High

CVE-2022-31012

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe`…

High

CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsu…

Medium

CVE-2022-33711

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using dir…

2022-07-11
Medium

CVE-2022-1794

The CODESYS OPC DA Server prior to V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

2022-07-06
High

CVE-2022-26348

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, a…

High

CVE-2022-23714

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges…

2022-06-30
High

CVE-2022-23725

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

High

CVE-2022-23720

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrat…

High

CVE-2022-23719

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machi…

High

CVE-2022-23718

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromis…

Medium

CVE-2022-23717

PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication.

2022-06-28
Medium

CVE-2022-2145

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges…

2022-06-24
High

CVE-2022-22390

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID:…

Medium

CVE-2022-22389

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an a…

Medium

CVE-2021-42056

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitra…

High

CVE-2021-41635

When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entir…

2022-06-23
Medium

CVE-2022-2147

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.…

Critical

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a…

2022-06-21
Medium

CVE-2022-23171

AtlasVPN - Privilege Escalation. Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a Windows…

2022-06-19
High

CVE-2022-34006

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users…

2022-06-17
Medium

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On L…

High

CVE-2020-36549

A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the l…

2022-06-16
High

CVE-2022-1642

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability…

2022-06-15
Medium

CVE-2022-30189

Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability

High

CVE-2022-30165

Windows Kerberos Elevation of Privilege Vulnerability

High

CVE-2022-30163

Windows Hyper-V Remote Code Execution Vulnerability

Medium

CVE-2022-30162

Windows Kernel Information Disclosure Vulnerability

High

CVE-2022-30161

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

High

CVE-2022-30160

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Medium

CVE-2022-30155

Windows Kernel Denial of Service Vulnerability

High

CVE-2022-30153

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

High

CVE-2022-30152

Windows Network Address Translation (NAT) Denial of Service Vulnerability

High

CVE-2022-30151

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

High

CVE-2022-30150

Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability

High

CVE-2022-30149

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Medium

CVE-2022-30148

Windows Desired State Configuration (DSC) Information Disclosure Vulnerability

High

CVE-2022-30147

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2022-30146

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

High

CVE-2022-30145

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

High

CVE-2022-30143

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

High

CVE-2022-30142

Windows File History Remote Code Execution Vulnerability

High

CVE-2022-30141

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

High

CVE-2022-30140

Windows iSCSI Discovery Service Remote Code Execution Vulnerability

High

CVE-2022-30139

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Critical

CVE-2022-30136

Windows Network File System Remote Code Execution Vulnerability

High

CVE-2022-30135

Windows Media Center Elevation of Privilege Vulnerability

High

CVE-2022-30132

Windows Container Manager Service Elevation of Privilege Vulnerability

High

CVE-2022-30131

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

High

CVE-2022-22788

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom…

High

CVE-2022-28226

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating tempo…

High

CVE-2022-28225

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating symli…

High

CVE-2021-25261

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating symli…

2022-06-14
High

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a na…

Medium

CVE-2022-32236

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to th…

2022-06-13
Medium

CVE-2022-23167

Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.

2022-06-10
High

CVE-2022-27502

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.

2022-06-09
Medium

CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

2022-06-08
Medium

CVE-2022-28385

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and…

2022-06-07
Low

CVE-2020-36525

A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to…

2022-06-02
High

CVE-2022-31500

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.