Windows 7 Security Vulnerabilities

CVE-2024-23593

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate...

CVE-2024-23594

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary...

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system.....

CVE-2023-44216

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes...

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...

CVE-2023-34367

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity...

CVE-2022-35756

Windows Kerberos Elevation of Privilege...

CVE-2022-35759

Windows Local Security Authority (LSA) Denial of Service...

CVE-2022-35758

Windows Kernel Memory Information Disclosure...

CVE-2022-35743

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution...

CVE-2022-35750

Win32k Elevation of Privilege...

CVE-2022-35751

Windows Hyper-V Elevation of Privilege...

CVE-2022-35754

Unified Write Filter Elevation of Privilege...

CVE-2022-35745

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution...

CVE-2022-35753

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution...

CVE-2022-35744

Windows Point-to-Point Protocol (PPP) Remote Code Execution...

CVE-2022-35747

Windows Point-to-Point Protocol (PPP) Denial of Service...

CVE-2022-35752

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution...

CVE-2022-38777

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem...

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC.....

CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -.....

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows...

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to....

CVE-2022-38774

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem...

CVE-2023-21774

Windows Kernel Elevation of Privilege...

CVE-2023-21765

Windows Print Spooler Elevation of Privilege...

CVE-2023-21776

Windows Kernel Information Disclosure...

CVE-2023-21773

Windows Kernel Elevation of Privilege...

CVE-2023-21772

Windows Kernel Elevation of Privilege...

CVE-2023-21748

Windows Kernel Elevation of Privilege...

CVE-2023-21760

Windows Print Spooler Elevation of Privilege...

CVE-2023-21746

Windows NTLM Elevation of Privilege...

CVE-2023-21747

Windows Kernel Elevation of Privilege...

CVE-2023-21750

Windows Kernel Elevation of Privilege...

CVE-2023-21755

Windows Kernel Elevation of Privilege...

CVE-2023-21757

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service...

CVE-2023-21754

Windows Kernel Elevation of Privilege...

CVE-2023-21752

Windows Backup Service Elevation of Privilege...

CVE-2023-21749

Windows Kernel Elevation of Privilege...

CVE-2023-21728

Windows Netlogon Denial of Service...

CVE-2023-21732

Microsoft ODBC Driver Remote Code Execution...

CVE-2023-21730

Microsoft Cryptographic Services Elevation of Privilege...

CVE-2023-21726

Windows Credential Manager User Interface Elevation of Privilege...

CVE-2023-21679

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution...

CVE-2023-21682

Windows Point-to-Point Protocol (PPP) Information Disclosure...

CVE-2023-21680

Windows Win32k Elevation of Privilege...

CVE-2023-21563

BitLocker Security Feature Bypass...

CVE-2023-21561

Microsoft Cryptographic Services Elevation of Privilege...

CVE-2023-21560

Windows Boot Manager Security Feature Bypass...