U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Windows
  • Search Type: Search All
  • CPE Name Search: false
There are 11,774 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-20430

A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.  This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. 

Published: September 12, 2024; 4:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-6510

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.

Published: September 12, 2024; 11:18:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7890

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Published: September 11, 2024; 7:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7889

Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

Published: September 11, 2024; 7:15:10 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-8690

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

Published: September 11, 2024; 1:15:14 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5760

The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018.

Published: September 11, 2024; 12:15:08 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-43495

Windows libarchive Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:36 PM -0400
V4.0:(not available)
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2024-43491

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.

Published: September 10, 2024; 1:15:36 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-43487

Windows Mark of the Web Security Feature Bypass Vulnerability

Published: September 10, 2024; 1:15:36 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-43475

Microsoft Windows Admin Center Information Disclosure Vulnerability

Published: September 10, 2024; 1:15:35 PM -0400
V4.0:(not available)
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2024-43467

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:34 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-43461

Windows MSHTML Platform Spoofing Vulnerability

Published: September 10, 2024; 1:15:33 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-43458

Windows Networking Information Disclosure Vulnerability

Published: September 10, 2024; 1:15:33 PM -0400
V4.0:(not available)
V3.1: 7.7 HIGH
V2.0:(not available)
CVE-2024-43457

Windows Setup and Deployment Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:33 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-43455

Windows Remote Desktop Licensing Service Spoofing Vulnerability

Published: September 10, 2024; 1:15:32 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-43454

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:32 PM -0400
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2024-38263

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:32 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38260

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:32 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-38258

Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

Published: September 10, 2024; 1:15:31 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38256

Windows Kernel-Mode Driver Information Disclosure Vulnerability

Published: September 10, 2024; 1:15:31 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)