High
CVE-2022-26919
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Tag: Microsoft Windows
All CVEs associated with "Microsoft Windows". Page 41/121 • 14516 CVEs.
Subscribe CVEs: RSS for “Microsoft Windows” · RSS (High+Critical only)
About “Microsoft Windows”
A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14516 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-04-15
High
CVE-2022-26918
Windows Fax Compose Form Remote Code Execution Vulnerability
High
CVE-2022-26917
Windows Fax Compose Form Remote Code Execution Vulnerability
High
CVE-2022-26916
Windows Fax Compose Form Remote Code Execution Vulnerability
High
CVE-2022-26915
Windows Secure Channel Denial of Service Vulnerability
High
CVE-2022-26904
Windows User Profile Service Elevation of Privilege Vulnerability
High
CVE-2022-26903
Windows Graphics Component Remote Code Execution Vulnerability
High
CVE-2022-26831
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Medium
CVE-2022-26829
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26828
Windows Bluetooth Driver Elevation of Privilege Vulnerability
High
CVE-2022-26827
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
High
CVE-2022-26826
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26825
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26824
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26823
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26822
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26821
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26820
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26819
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26818
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26817
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26816
Windows DNS Server Information Disclosure Vulnerability
High
CVE-2022-26815
Windows DNS Server Remote Code Execution Vulnerability
Medium
CVE-2022-26814
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26813
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26812
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26811
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-26810
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
High
CVE-2022-26808
Windows File Explorer Elevation of Privilege Vulnerability
High
CVE-2022-26807
Windows Work Folder Service Elevation of Privilege Vulnerability
High
CVE-2022-26803
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26802
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26801
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26798
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26797
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26796
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26795
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26794
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26793
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26792
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26791
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26790
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26789
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26787
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-26786
Windows Print Spooler Elevation of Privilege Vulnerability
Medium
CVE-2022-26785
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Medium
CVE-2022-26784
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Medium
CVE-2022-26783
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
High
CVE-2022-24550
Windows Telephony Server Elevation of Privilege Vulnerability
High
CVE-2022-24549
Windows AppX Package Manager Elevation of Privilege Vulnerability
High
CVE-2022-24547
Windows Digital Media Receiver Elevation of Privilege Vulnerability
High
CVE-2022-24546
Windows DWM Core Library Elevation of Privilege Vulnerability
High
CVE-2022-24545
Windows Kerberos Remote Code Execution Vulnerability
High
CVE-2022-24544
Windows Kerberos Elevation of Privilege Vulnerability
High
CVE-2022-24543
Windows Upgrade Assistant Remote Code Execution Vulnerability
High
CVE-2022-24542
Windows Win32k Elevation of Privilege Vulnerability
High
CVE-2022-24541
Windows Server Service Remote Code Execution Vulnerability
High
CVE-2022-24540
Windows ALPC Elevation of Privilege Vulnerability
High
CVE-2022-24539
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Medium
CVE-2022-24538
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
High
CVE-2022-24537
Windows Hyper-V Remote Code Execution Vulnerability
High
CVE-2022-24536
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-24530
Windows Installer Elevation of Privilege Vulnerability
High
CVE-2022-24521
Windows Common Log File System Driver Elevation of Privilege Vulnerability
High
CVE-2022-24500
Windows SMB Remote Code Execution Vulnerability
High
CVE-2022-24499
Windows Installer Elevation of Privilege Vulnerability
Medium
CVE-2022-24498
Windows iSCSI Target Service Information Disclosure Vulnerability
Critical
CVE-2022-24497
Windows Network File System Remote Code Execution Vulnerability
High
CVE-2022-24496
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
High
CVE-2022-24495
Windows Direct Show Remote Code Execution Vulnerability
High
CVE-2022-24494
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Critical
CVE-2022-24491
Windows Network File System Remote Code Execution Vulnerability
High
CVE-2022-24490
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
High
CVE-2022-24488
Windows Desktop Bridge Elevation of Privilege Vulnerability
High
CVE-2022-24487
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
High
CVE-2022-24486
Windows Kerberos Elevation of Privilege Vulnerability
Medium
CVE-2022-24484
Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
Medium
CVE-2022-24483
Windows Kernel Information Disclosure Vulnerability
High
CVE-2022-24482
Windows ALPC Elevation of Privilege Vulnerability
High
CVE-2022-24481
Windows Common Log File System Driver Elevation of Privilege Vulnerability
High
CVE-2022-24474
Windows Win32k Elevation of Privilege Vulnerability
Medium
CVE-2022-23268
Windows Hyper-V Denial of Service Vulnerability
High
CVE-2022-23257
Windows Hyper-V Remote Code Execution Vulnerability
High
CVE-2022-22009
Windows Hyper-V Remote Code Execution Vulnerability
High
CVE-2022-22008
Windows Hyper-V Remote Code Execution Vulnerability
2022-04-14
Medium
CVE-2022-24853
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not ret…
High
CVE-2022-22187
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repa…
Medium
CVE-2022-1257
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The se…
High
CVE-2022-1256
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actio…
2022-04-13
Medium
CVE-2022-24308
Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.
2022-04-12
Medium
CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission…
High
CVE-2022-24767
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
Medium
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk.…
2022-04-11
Medium
CVE-2022-28779
Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.
2022-04-07
Critical
CVE-2022-26612
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extr…
High
CVE-2022-22516
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
High
CVE-2022-0677
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an…
2022-04-06
High
CVE-2021-44169
A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative…
High
CVE-2021-30497
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is…
2022-04-05
High
CVE-2022-25154
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10,…
High
CVE-2022-0799
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
High
CVE-2022-0467
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2022-04-04
Medium
CVE-2022-27609
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could resu…
Medium
CVE-2022-27608
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling ant…
2022-04-01
Medium
CVE-2021-27223
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running…
2022-03-31
High
CVE-2022-27050
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.
2022-03-30
High
CVE-2022-22996
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
2022-03-29
Medium
CVE-2022-28148
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing…
2022-03-28
Critical
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
Critical
CVE-2022-26255
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
2022-03-25
High
CVE-2022-26659
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file…
2022-03-23
Critical
CVE-2022-22952
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrativ…
2022-03-21
Critical
CVE-2022-26184
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malic…
High
CVE-2022-26183
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing maliciou…
High
CVE-2020-24772
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share.…
2022-03-18
High
CVE-2022-22612
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Proce…
High
CVE-2022-22611
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processin…
Medium
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to e…
2022-03-17
High
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
Medium
CVE-2022-21221
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backsla…