Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 11
Subscriptions
Total
622 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30197 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-20 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2022-30194 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | 7.5 High |
| Windows WebBrowser Control Remote Code Execution Vulnerability | ||||
| CVE-2022-30144 | 1 Microsoft | 4 Windows 10, Windows 11, Windows 8.1 and 1 more | 2023-12-20 | 7.5 High |
| Windows Bluetooth Service Remote Code Execution Vulnerability | ||||
| CVE-2022-30133 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-20 | 9.8 Critical |
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | ||||
| CVE-2022-34303 | 3 Eurosoft-uk, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2023-11-14 | 6.7 Medium |
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | ||||
| CVE-2022-34302 | 3 Horizondatasys, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2023-11-14 | 6.7 Medium |
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | ||||
| CVE-2022-34301 | 3 Kidan, Microsoft, Redhat | 10 Cryptopro Securedisk For Bitlocker, Windows 10, Windows 11 and 7 more | 2023-11-14 | 6.7 Medium |
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | ||||
| CVE-2023-44216 | 7 Amd, Apple, Canonical and 4 more | 16 Ryzen 5 7600x, Ryzen 7 4800u, M1 Mac Mini and 13 more | 2023-10-05 | 5.3 Medium |
| PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | ||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2023-08-23 | 4.4 Medium |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | ||||
| CVE-2023-20564 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2023-08-23 | 6.7 Medium |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | ||||
| CVE-2023-29411 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2023-04-28 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. | ||||
| CVE-2023-29413 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2023-04-28 | 7.5 High |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | ||||
| CVE-2022-42970 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2023-02-08 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
| CVE-2022-42971 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2023-02-08 | 9.8 Critical |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
| CVE-2022-42972 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2023-02-08 | 7.8 High |
| A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
| CVE-2022-42973 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2023-02-08 | 7.8 High |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
| CVE-2022-33973 | 2 Intel, Microsoft | 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 | 2022-11-16 | 3.3 Low |
| Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2013-3900 | 1 Microsoft | 13 Windows 10, Windows 11, Windows 7 and 10 more | 2022-11-02 | N/A |
| The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | ||||
| CVE-2022-32230 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2019 | 2022-06-23 | 7.5 High |
| Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | ||||
| CVE-2021-33110 | 2 Intel, Microsoft | 17 Ac 1550 Firmware, Ac 3165 Firmware, Ac 3168 Firmware and 14 more | 2022-02-15 | 6.5 Medium |
| Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||