Export limit exceeded: 335258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1469 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24459 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2025-07-08 | 7.8 High |
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | ||||
| CVE-2022-24503 | 1 Microsoft | 24 Remote Desktop, Remote Desktop Client, Windows 10 and 21 more | 2025-07-08 | 5.4 Medium |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | ||||
| CVE-2022-24454 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2025-07-08 | 7.8 High |
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | ||||
| CVE-2022-24502 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2025-07-08 | 4.3 Medium |
| Windows HTML Platforms Security Feature Bypass Vulnerability | ||||
| CVE-2022-23299 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2025-07-08 | 7.8 High |
| Windows PDEV Elevation of Privilege Vulnerability | ||||
| CVE-2022-23298 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2025-07-08 | 7 High |
| Windows NT OS Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-23290 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2025-07-08 | 7.8 High |
| Windows Inking COM Elevation of Privilege Vulnerability | ||||
| CVE-2022-21990 | 1 Microsoft | 24 Remote Desktop, Windows 10, Windows 10 1507 and 21 more | 2025-07-08 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2023-29362 | 1 Microsoft | 20 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 17 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2021-34535 | 1 Microsoft | 17 Remote Desktop Client, Windows 10, Windows 10 1507 and 14 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2022-22015 | 1 Microsoft | 23 Remote Desktop, Remote Desktop Client, Windows 10 and 20 more | 2025-07-07 | 6.5 Medium |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||||
| CVE-2021-38665 | 1 Microsoft | 21 Remote Desktop, Remote Desktop Client, Windows 10 and 18 more | 2025-07-07 | 7.4 High |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | ||||
| CVE-2019-1053 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-20 | 6.3 Medium |
| An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system. The security update addresses the vulnerability by correctly validating folder shortcuts. | ||||
| CVE-2019-1049 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Server 2008 R2 and 1 more | 2025-05-20 | 4.7 Medium |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | ||||
| CVE-2019-1048 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Server 2008 R2 and 1 more | 2025-05-20 | 4.7 Medium |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | ||||
| CVE-2019-1047 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Server 2008 R2 and 1 more | 2025-05-20 | 4.7 Medium |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | ||||
| CVE-2019-1046 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-20 | 4.7 Medium |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | ||||
| CVE-2019-1045 | 1 Microsoft | 9 Windows 10, Windows 10 1507, Windows 7 and 6 more | 2025-05-20 | 7.8 High |
| An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows NFS properly handles objects in memory. | ||||
| CVE-2019-1043 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-20 | 6.4 Medium |
| A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how comctl32.dll handles objects in memory. | ||||
| CVE-2019-1040 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-20 | 5.3 Medium |
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side. | ||||