U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Windows
  • Search Type: Search All
  • CPE Name Search: false
There are 11,889 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2024-38250

Windows Graphics Component Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:30 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-38249

Windows Graphics Component Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:30 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-38248

Windows Storage Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:29 PM -0400
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2024-38247

Windows Graphics Component Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:29 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-38240

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:27 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-38239

Windows Kerberos Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:27 PM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2024-38235

Windows Hyper-V Denial of Service Vulnerability

Published: September 10, 2024; 1:15:26 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-38234

Windows Networking Denial of Service Vulnerability

Published: September 10, 2024; 1:15:26 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-38233

Windows Networking Denial of Service Vulnerability

Published: September 10, 2024; 1:15:26 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38232

Windows Networking Denial of Service Vulnerability

Published: September 10, 2024; 1:15:26 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38231

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Published: September 10, 2024; 1:15:26 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38230

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Published: September 10, 2024; 1:15:25 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability

Published: September 10, 2024; 1:15:24 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-38119

Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:23 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-38045

Windows TCP/IP Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:21 PM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-38014

Windows Installer Elevation of Privilege Vulnerability

Published: September 10, 2024; 1:15:20 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-30073

Windows Security Zone Mapping Security Feature Bypass Vulnerability

Published: September 10, 2024; 1:15:16 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability

Published: September 10, 2024; 1:15:15 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial of service with attacks such as One Million Unicode payload. This can get worse with the use of special Unicode characters like U+2100 (?), or U+2105 (?) which could lead the payload size to be tripled. Versions prior to 2.1.11 are affected by this vulnerability. The patch is included in 2.1.11.

Published: September 10, 2024; 12:15:20 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

Published: September 07, 2024; 12:15:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)