U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Windows
  • Search Type: Search All
  • CPE Name Search: false
There are 11,886 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2024-8926

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Published: October 08, 2024; 12:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-25707

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.

Published: October 04, 2024; 2:15:06 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7826

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Published: October 03, 2024; 1:15:15 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7825

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Published: October 03, 2024; 1:15:15 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7824

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Published: October 03, 2024; 1:15:14 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-0125

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.

Published: October 03, 2024; 1:15:14 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-0124

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service.

Published: October 03, 2024; 1:15:14 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-0123

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.

Published: October 03, 2024; 1:15:14 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-47611

XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected.

Published: October 02, 2024; 11:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-44193

A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.

Published: October 02, 2024; 11:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-8885

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.

Published: October 02, 2024; 9:15:12 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-9194

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.

Published: September 30, 2024; 7:15:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-7400

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

Published: September 27, 2024; 3:15:03 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-6769

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.

Published: September 26, 2024; 5:15:07 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-9203

A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.

Published: September 26, 2024; 1:15:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-8405

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.

Published: September 25, 2024; 10:15:03 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-8404

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037.

Published: September 25, 2024; 10:15:02 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-45750

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.

Published: September 25, 2024; 2:15:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-8996

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

Published: September 25, 2024; 1:15:19 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-8975

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.

Published: September 25, 2024; 1:15:19 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)