Windows 11 23h2 Security Vulnerabilities and Issues — Windows 11 23h2 CVE List

Lucene search

MicrosoftWindows 11 23h2

36 matches found

CVE•added 2025/06/10 5:22 p.m.•300 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:22 p.m.•297 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00124EPSS

CVE•added 2025/06/10 5:22 p.m.•282 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.21703EPSS

CVE•added 2025/06/10 5:23 p.m.•221 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.00326EPSS

CVE•added 2025/06/10 5:23 p.m.•109 views

CVE-2025-47160

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

5.4CVSS5.4AI score0.00075EPSS

CVE•added 2025/06/10 5:21 p.m.•107 views

CVE-2025-24068

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00048EPSS

CVE•added 2025/06/10 5:22 p.m.•98 views

CVE-2025-33059

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:22 p.m.•87 views

CVE-2025-32720

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00093EPSS

CVE•added 2025/06/10 5:22 p.m.•75 views

CVE-2025-33070

Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

8.1CVSS8AI score0.00203EPSS

CVE•added 2025/06/10 5:21 p.m.•72 views

CVE-2025-24069

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:21 p.m.•70 views

CVE-2025-29828

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.

8.1CVSS8.2AI score0.00144EPSS

CVE•added 2025/06/10 5:22 p.m.•67 views

CVE-2025-33067

Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

8.4CVSS8.3AI score0.00062EPSS

CVE•added 2025/06/10 5:22 p.m.•65 views

CVE-2025-32722

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00045EPSS

CVE•added 2025/06/10 5:21 p.m.•64 views

CVE-2025-32715

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

6.5CVSS6.2AI score0.00064EPSS

CVE•added 2025/06/10 5:22 p.m.•64 views

CVE-2025-33055

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:24 p.m.•63 views

CVE-2025-47955

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

7.8CVSS7.7AI score0.00052EPSS

CVE•added 2025/06/10 5:22 p.m.•59 views

CVE-2025-33061

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:23 p.m.•59 views

CVE-2025-33075

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.00086EPSS

CVE•added 2025/06/10 5:22 p.m.•57 views

CVE-2025-33066

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

8.8CVSS9.1AI score0.00072EPSS

CVE•added 2025/06/10 5:24 p.m.•57 views

CVE-2025-47969

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

4.4CVSS4.4AI score0.00064EPSS

CVE•added 2025/06/10 5:22 p.m.•56 views

CVE-2025-33060

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:21 p.m.•55 views

CVE-2025-32712

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

7.8CVSS8AI score0.00057EPSS

CVE•added 2025/06/10 5:22 p.m.•55 views

CVE-2025-33056

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

7.5CVSS7.3AI score0.00133EPSS

CVE•added 2025/06/10 5:22 p.m.•55 views

CVE-2025-33062

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:22 p.m.•53 views

CVE-2025-33064

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

8.8CVSS9.1AI score0.00089EPSS

CVE•added 2025/06/10 5:21 p.m.•52 views

CVE-2025-24065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:21 p.m.•52 views

CVE-2025-32718

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

7.8CVSS7.7AI score0.00078EPSS

CVE•added 2025/06/10 5:22 p.m.•52 views

CVE-2025-32724

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

7.5CVSS7.4AI score0.11772EPSS

CVE•added 2025/06/10 5:22 p.m.•51 views

CVE-2025-32719

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:22 p.m.•50 views

CVE-2025-33063

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:21 p.m.•49 views

CVE-2025-32713

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

7.8CVSS7.8AI score0.00057EPSS

CVE•added 2025/06/10 5:22 p.m.•48 views

CVE-2025-32721

Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.

7.3CVSS7.1AI score0.00071EPSS

CVE•added 2025/06/10 5:22 p.m.•48 views

CVE-2025-33057

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

6.5CVSS6.3AI score0.00187EPSS

CVE•added 2025/06/10 5:21 p.m.•47 views

CVE-2025-32716

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

7.8CVSS7.5AI score0.00057EPSS

CVE•added 2025/06/10 5:22 p.m.•47 views

CVE-2025-33058

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2025/06/10 5:21 p.m.•46 views

CVE-2025-32714

Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

7.8CVSS7.6AI score0.00052EPSS