Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20564 |
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. Published: August 15, 2023; 6:15:11 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-20560 |
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. Published: August 15, 2023; 6:15:09 PM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-29413 |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. Published: April 18, 2023; 5:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-29412 |
A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. Published: April 18, 2023; 5:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-29411 |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. Published: April 18, 2023; 5:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-42973 |
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) Published: January 31, 2023; 11:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-42972 |
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) Published: January 31, 2023; 11:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-42971 |
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) Published: January 31, 2023; 11:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-42970 |
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) Published: January 31, 2023; 11:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-44702 |
Windows Terminal Remote Code Execution Vulnerability Published: December 13, 2022; 2:15:14 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-33973 |
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. Published: November 11, 2022; 11:15:15 AM -0500 |
V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-34303 |
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Published: August 26, 2022; 2:15:09 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2022-34302 |
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Published: August 26, 2022; 2:15:09 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2022-34301 |
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Published: August 26, 2022; 2:15:09 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2022-30147 |
Windows Installer Elevation of Privilege Vulnerability Published: June 15, 2022; 6:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-30142 |
Windows File History Remote Code Execution Vulnerability Published: June 15, 2022; 6:15:13 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.6 HIGH |
CVE-2022-30132 |
Windows Container Manager Service Elevation of Privilege Vulnerability Published: June 15, 2022; 6:15:13 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-32230 |
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. Published: June 14, 2022; 6:15:10 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2022-24508 |
Win32 File Enumeration Remote Code Execution Vulnerability Published: March 09, 2022; 12:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2022-24507 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Published: March 09, 2022; 12:15:15 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |