CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 40/121 • 14516 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14516 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-05-26
High

CVE-2022-26774

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2022-26773

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.

CVSS: 7.1 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2022-26751

A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 1…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-26711

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A rem…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2022-21827

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to…

CVSS: 7.1 CWE: CWE-269 - Improper Privilege Management View on NVD
2022-05-25
Medium

CVE-2022-29256

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` pr…

CVSS: 6.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2022-05-24
High

CVE-2022-22977

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2022-05-23
High

CVE-2022-29376

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the direc…

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2022-1467

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA I…

CVSS: 7.4 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping…

CVSS: 8.8 CWE: CWE-494 - Download of Code Without Integrity Check View on NVD
2022-05-20
Medium

CVE-2022-31215

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period o…

CVSS: 6.5 CWE: N/A View on NVD
2022-05-18
High

CVE-2022-30138

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-30994

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2022-30993

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2022-30992

Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2022-30991

HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

CVSS: 6.1 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2022-22787

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2022-0883

SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.

CVSS: 7.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
High

CVE-2022-22786

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update…

CVSS: 7.5 CWE: CWE-494 - Download of Code Without Integrity Check View on NVD
Medium

CVE-2022-22785

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a mor…

CVSS: 5.9 CWE: CWE-565 - Reliance on Cookies without Validation and Integrity Checking View on NVD
High

CVE-2022-22784

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of…

CVSS: 8.1 CWE: CWE-91 - XML Injection (aka Blind XPath Injection) View on NVD
2022-05-17
Medium

CVE-2022-28190

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-28189

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2022-28188

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or in…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-28187

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime h…

CVSS: 5.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Medium

CVE-2022-28186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or in…

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2022-28185

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and…

CVSS: 6.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-28184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator…

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-28183

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of serv…

CVSS: 7.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-28182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write throu…

CVSS: 8.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a special…

CVSS: 8.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-30951

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allo…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2022-30950

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute…

CVSS: 8.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-05-16
High

CVE-2022-30697

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-30696

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2022-30695

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2022-05-13
High

CVE-2022-22281

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the h…

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2022-05-12
High

CVE-2022-23742

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious…

CVSS: 7.8 CWE: CWE-65 - Windows Hard Link View on NVD
2022-05-11
Critical

CVE-2022-29596

MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-0026

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows…

CVSS: 6.7 CWE: CWE-282 - Improper Ownership Management View on NVD
Medium

CVE-2022-0025

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-37851

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue af…

CVSS: 7.3 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2022-05-10
High

CVE-2022-29151

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-29150

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-29142

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-29141

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2022-29140

Windows Print Spooler Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-29139

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-29138

Windows Clustered Shared Volume Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-29137

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-29135

Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2022-29134

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-29133

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-29132

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-29131

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2022-29130

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2022-29129

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-29128

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-29126

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-29125

Windows Push Notifications Apps Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2022-29123

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29122

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29121

Windows WLAN AutoConfig Service Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29120

Windows Clustered Shared Volume Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-29116

Windows Kernel Information Disclosure Vulnerability

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-29115

Windows Fax Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-29114

Windows Print Spooler Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-29113

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-29112

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-29106

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-29105

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-29104

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-29103

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-29102

Windows Failover Cluster Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2022-26937

Windows Network File System Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2022-26936

Windows Server Service Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26935

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26934

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2022-26933

Windows NTFS Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-26931

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-26930

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-26927

Windows Graphics Component Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-26926

Windows Address Book Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2022-26925

Windows LSA Spoofing Vulnerability

CVSS: 8.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2022-26913

Windows Authentication Information Disclosure Vulnerability

CVSS: 7.4 CWE: N/A View on NVD
Medium

CVE-2022-24466

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 4.1 CWE: N/A View on NVD
High

CVE-2022-23279

Windows ALPC Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-23270

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2022-22713

Windows Hyper-V Denial of Service Vulnerability

CVSS: 5.6 CWE: N/A View on NVD
High

CVE-2022-22016

Windows PlayToManager Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2022-22015

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-22014

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-22013

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2022-22012

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2022-22011

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-21972

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2022-27167

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects:…

CVSS: 7.1 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2022-05-07
Medium

CVE-2022-30334

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-05-06
High

CVE-2021-42743

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

CVSS: 8.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the serv…

CVSS: 9.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290…

CVSS: 5.5 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
2022-05-05
High

CVE-2022-28714

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as we…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as we…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2022-05-03
Medium

CVE-2022-28790

Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.

CVSS: 4.0 CWE: CWE-287 - Improper Authentication View on NVD
2022-05-02
Critical

CVE-2022-28054

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.

CVSS: 9.8 CWE: N/A View on NVD
2022-04-30
Medium

CVE-2021-41994

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

CVSS: 6.6 CWE: CWE-310 View on NVD
Medium

CVE-2021-41993

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

CVSS: 6.6 CWE: CWE-310 View on NVD
High

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.

CVSS: 7.7 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2022-04-28
High

CVE-2022-22782

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.…

CVSS: 7.9 CWE: N/A View on NVD
High

CVE-2021-33436

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL…

CVSS: 7.3 CWE: N/A View on NVD
2022-04-27
Medium

CVE-2022-22323

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password S…

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-22312

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password S…

CVSS: 6.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-29505

Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation.

CVSS: 7.8 CWE: N/A View on NVD
2022-04-26
Critical

CVE-2022-27984

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2022-04-25
High

CVE-2021-4225

The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that co…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2022-04-22
High

CVE-2022-29583

service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could n…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2022-04-20
Critical

CVE-2022-24826

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting…

CVSS: 9.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2022-04-19
High

CVE-2022-21491

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low pr…

CVSS: 7.8 CWE: N/A View on NVD
2022-04-15
High

CVE-2022-29072

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-26920

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD