High
CVE-2022-25252
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not…
Tag: Microsoft Windows
All CVEs associated with "Microsoft Windows". Page 42/121 • 14516 CVEs.
Subscribe CVEs: RSS for “Microsoft Windows” · RSS (High+Critical only)
About “Microsoft Windows”
A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14516 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-03-16
Critical
CVE-2022-25251
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper a…
High
CVE-2022-25250
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authenticat…
High
CVE-2022-25249
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, whi…
Medium
CVE-2022-25248
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.
Critical
CVE-2022-25247
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of thi…
Critical
CVE-2022-25246
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a r…
2022-03-12
Critical
CVE-2022-24760
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in th…
2022-03-11
High
CVE-2022-25216
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has…
Critical
CVE-2022-21194
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6…
2022-03-10
High
CVE-2022-0280
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary f…
Medium
CVE-2022-26778
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has suffic…
High
CVE-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the s…
High
CVE-2022-25294
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. Al…
Medium
CVE-2022-24960
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 o…
High
CVE-2022-24644
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affec…
High
CVE-2022-24618
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder…
Medium
CVE-2022-22795
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and n…
Low
CVE-2022-21170
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (V…
2022-03-09
High
CVE-2022-24753
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files.…
High
CVE-2022-24525
Windows Update Stack Elevation of Privilege Vulnerability
High
CVE-2022-24507
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
High
CVE-2022-24505
Windows ALPC Elevation of Privilege Vulnerability
Medium
CVE-2022-24502
Windows HTML Platforms Security Feature Bypass Vulnerability
High
CVE-2022-24460
Tablet Windows User Interface Application Elevation of Privilege Vulnerability
High
CVE-2022-24459
Windows Fax and Scan Service Elevation of Privilege Vulnerability
High
CVE-2022-24455
Windows CD-ROM Driver Elevation of Privilege Vulnerability
High
CVE-2022-24454
Windows Security Support Provider Interface Elevation of Privilege Vulnerability
High
CVE-2022-23299
Windows PDEV Elevation of Privilege Vulnerability
High
CVE-2022-23298
Windows NT OS Kernel Elevation of Privilege Vulnerability
Medium
CVE-2022-23297
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
High
CVE-2022-23296
Windows Installer Elevation of Privilege Vulnerability
High
CVE-2022-23294
Windows Event Tracing Remote Code Execution Vulnerability
High
CVE-2022-23293
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
High
CVE-2022-23291
Windows DWM Core Library Elevation of Privilege Vulnerability
High
CVE-2022-23290
Windows Inking COM Elevation of Privilege Vulnerability
High
CVE-2022-23288
Windows DWM Core Library Elevation of Privilege Vulnerability
High
CVE-2022-23287
Windows ALPC Elevation of Privilege Vulnerability
High
CVE-2022-23286
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
High
CVE-2022-23284
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-23283
Windows ALPC Elevation of Privilege Vulnerability
Medium
CVE-2022-23281
Windows Common Log File System Driver Information Disclosure Vulnerability
Medium
CVE-2022-23253
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Medium
CVE-2022-21975
Windows Hyper-V Denial of Service Vulnerability
Medium
CVE-2022-21973
Windows Media Center Update Denial of Service Vulnerability
High
CVE-2022-21967
Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability
High
CVE-2022-25943
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
2022-03-07
High
CVE-2021-4199
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Sec…
2022-03-03
Medium
CVE-2022-22943
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where…
High
CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’…
2022-02-28
Medium
CVE-2021-24820
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on W…
2022-02-26
Medium
CVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the oni…
2022-02-24
High
CVE-2020-14481
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows…
Medium
CVE-2020-14480
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.
2022-02-21
High
CVE-2022-24295
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.
Medium
CVE-2022-0564
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests t…
2022-02-20
High
CVE-2022-25372
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
2022-02-19
High
CVE-2022-25365
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
2022-02-15
High
CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflu…
2022-02-14
Critical
CVE-2022-23992
XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands…
High
CVE-2019-16864
CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as…
High
CVE-2022-25150
In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges.
2022-02-12
High
CVE-2022-22765
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected h…
2022-02-11
High
CVE-2022-0483
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53
2022-02-10
Low
CVE-2022-0021
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when auth…
Medium
CVE-2022-0018
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when…
High
CVE-2022-0017
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes…
High
CVE-2022-0016
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SY…
2022-02-09
Medium
CVE-2022-22780
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version…
Low
CVE-2022-22779
The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and…
High
CVE-2022-22528
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to…
Medium
CVE-2021-33114
Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of…
High
CVE-2021-33113
Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial…
Medium
CVE-2021-33110
Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentia…
Medium
CVE-2021-0183
Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 m…
Medium
CVE-2021-0179
Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service…
Medium
CVE-2021-0178
Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjace…
Medium
CVE-2021-0177
Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial…
Medium
CVE-2021-0176
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially e…
Medium
CVE-2021-0175
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 m…
Medium
CVE-2021-0174
Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenticated user…
Medium
CVE-2021-0173
Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a unauthenti…
Medium
CVE-2021-0172
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potenti…
Medium
CVE-2021-0171
Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local…
Medium
CVE-2021-0170
Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a…
Medium
CVE-2021-0169
Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access.
Medium
CVE-2021-0168
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially e…
Medium
CVE-2021-0167
Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local ac…
Medium
CVE-2021-0166
Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a…
Medium
CVE-2021-0165
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enabl…
High
CVE-2021-0164
Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable…
High
CVE-2021-0163
Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escala…
High
CVE-2021-0162
Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via…
Medium
CVE-2021-0161
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable esca…
Medium
CVE-2021-0076
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 m…
Medium
CVE-2021-0072
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially e…
High
CVE-2021-0066
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enabl…
High
CVE-2022-22718
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-22717
Windows Print Spooler Elevation of Privilege Vulnerability
Medium
CVE-2022-22712
Windows Hyper-V Denial of Service Vulnerability
Medium
CVE-2022-22710
Windows Common Log File System Driver Denial of Service Vulnerability
Medium
CVE-2022-22002
Windows User Account Profile Picture Denial of Service Vulnerability
High
CVE-2022-22001
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
High
CVE-2022-22000
Windows Common Log File System Driver Elevation of Privilege Vulnerability
High
CVE-2022-21999
Windows Print Spooler Elevation of Privilege Vulnerability
Medium
CVE-2022-21998
Windows Common Log File System Driver Information Disclosure Vulnerability
High
CVE-2022-21997
Windows Print Spooler Elevation of Privilege Vulnerability
High
CVE-2022-21995
Windows Hyper-V Remote Code Execution Vulnerability
High
CVE-2022-21994
Windows DWM Core Library Elevation of Privilege Vulnerability
High
CVE-2022-21993
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
High
CVE-2022-21992
Windows Mobile Device Management Remote Code Execution Vulnerability
High
CVE-2022-21989
Windows Kernel Elevation of Privilege Vulnerability
Medium
CVE-2022-21985
Windows Remote Access Connection Manager Information Disclosure Vulnerability
High
CVE-2022-21984
Windows DNS Server Remote Code Execution Vulnerability
High
CVE-2022-21981
Windows Common Log File System Driver Elevation of Privilege Vulnerability
High
CVE-2022-21971
Windows Runtime Remote Code Execution Vulnerability
High
CVE-2021-37852
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
2022-02-07
Medium
CVE-2022-21815
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user m…
2022-02-06
Critical
CVE-2021-41816
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different n…
Critical
CVE-2013-20004
A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by tr…