Search Results
- Results Type: Overview
- Keyword (text search): Windows
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability Published: March 12, 2024; 1:15:52 PM -0400 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability Published: March 12, 2024; 1:15:52 PM -0400 | V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability Published: March 12, 2024; 1:15:51 PM -0400 | V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:51 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:51 PM -0400 | V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability Published: March 12, 2024; 1:15:51 PM -0400 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability Published: March 12, 2024; 1:15:50 PM -0400 | V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:49 PM -0400 | V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2024-24964 | Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed. Published: March 12, 2024; 4:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-21805 | Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege. Published: March 12, 2024; 4:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-0670 | Privilege escalation in the Windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows a local user to escalate privileges. Published: March 11, 2024; 11:15:47 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2044 | pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution. Published: March 07, 2024; 4:15:08 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27308 | Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be ignored or cause a warning or a crash. On the other hand, for applications that store pointers in the tokens, this vulnerability may result in a use-after-free. For users of Tokio, this vulnerability is serious and can result in a use-after-free in Tokio. The vulnerability is Windows-specific, and can only happen if you are using named pipes. Other IO resources are not affected. This vulnerability has been fixed in mio v0.8.11. All versions of mio between v0.7.2 and v0.8.10 are vulnerable. Tokio is vulnerable when you are using a vulnerable version of mio AND you are using at least Tokio v1.30.0. Versions of Tokio prior to v1.30.0 will ignore invalid tokens, so they are not vulnerable. Vulnerable libraries that use mio can work around this issue by detecting and ignoring invalid tokens. Published: March 06, 2024; 3:15:47 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-27303 | electron-builder is a solution to package and build a ready-for-distribution Electron, Proton Native app for macOS, Windows and Linux. In a vulnerability that only affects electron-builder prior to 24.13.2 on Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. Published: March 06, 2024; 2:15:08 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-20301 | A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions. Published: March 06, 2024; 12:15:08 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-20292 | A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text. Published: March 06, 2024; 12:15:08 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24278 | An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. Published: March 05, 2024; 6:15:07 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24276 | Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components. Published: March 05, 2024; 6:15:07 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24275 | Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function. Published: March 05, 2024; 6:15:07 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1470 | Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6. Published: February 28, 2024; 8:43:51 PM -0500 | V3.x:(not available) V2.0:(not available) |