Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Windows
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-26200 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Published: April 09, 2024; 1:15:37 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-26183 |
Windows Kerberos Denial of Service Vulnerability Published: April 09, 2024; 1:15:36 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-26179 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Published: April 09, 2024; 1:15:36 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-26172 |
Windows DWM Core Library Information Disclosure Vulnerability Published: April 09, 2024; 1:15:36 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-21447 |
Windows Authentication Elevation of Privilege Vulnerability Published: April 09, 2024; 1:15:35 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20693 |
Windows Kernel Elevation of Privilege Vulnerability Published: April 09, 2024; 1:15:33 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20670 |
Outlook for Windows Spoofing Vulnerability Published: April 09, 2024; 1:15:32 PM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2024-2224 |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 Published: April 09, 2024; 9:15:33 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2223 |
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 Published: April 09, 2024; 9:15:33 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23584 |
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. Published: April 08, 2024; 7:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0083 |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. Published: April 08, 2024; 6:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-0082 |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering Published: April 08, 2024; 6:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25029 |
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619. Published: April 06, 2024; 8:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23592 |
An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication. Published: April 05, 2024; 5:15:08 PM -0400 |
V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2024-0080 |
NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service. Published: April 05, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-31028 |
NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service. Published: April 05, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29863 |
A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator. Published: April 05, 2024; 3:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31498 |
Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. Published: April 04, 2024; 7:15:16 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25705 |
There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low. Published: April 04, 2024; 2:15:12 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-25703 |
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Published: April 04, 2024; 2:15:12 PM -0400 |
V3.x:(not available) V2.0:(not available) |