Search Results

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
There are 5,795 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2024-0725

A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.

Published: January 19, 2024; 1:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2024-0723

A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.

Published: January 19, 2024; 12:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-40683

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

Published: January 18, 2024; 8:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-38738

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.

Published: January 18, 2024; 8:15:08 PM -0500
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-35020

IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.

Published: January 18, 2024; 8:15:08 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2024-22410

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental.

Published: January 17, 2024; 4:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-6335

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.

Published: January 16, 2024; 3:15:45 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-6334

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers. This issue affects Workforce Access: before 8.7.

Published: January 16, 2024; 3:15:45 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-5097

Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal. This issue affects Workforce Access: before 8.7.

Published: January 16, 2024; 3:15:45 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-49107

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules). This issue affects Hitachi Device Manager: before 8.8.5-04.

Published: January 15, 2024; 8:15:34 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-49106

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component). This issue affects Hitachi Device Manager: before 8.8.5-04.

Published: January 15, 2024; 8:15:34 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-49647

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Published: January 12, 2024; 5:15:45 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-31036

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Published: January 12, 2024; 12:15:09 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-40250

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893.

Published: January 11, 2024; 9:15:44 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-51751

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

Published: January 11, 2024; 9:15:44 AM -0500
V3.1: 6.8 MEDIUM
V2.0:(not available)
CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."

Published: January 11, 2024; 9:15:44 AM -0500
V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2024-20715

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 10, 2024; 8:15:49 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20714

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 10, 2024; 8:15:49 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20713

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 10, 2024; 8:15:49 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20712

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 10, 2024; 8:15:49 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)