573 matches found
CVE-2022-24533
Technical details about CVE-2022-24533 (affected products, components, root cause, versions, fixes) are not provided in the connected documents. The available materials only reiterate a Remote Desktop Protocol RCE without specifics. Monitor for updates.
CVE-2022-24507
CVE-2022-24507 concerns the Windows Ancillary Function Driver for WinSock, describing an elevation of privilege vulnerability. The connected records indicate the issue is tied to WinSock’s ancillary driver and classify the vulnerability with a high-impact profile (CVSS 3.1: LOCAL, LOW privileges ...
CVE-2022-22038
CVE-2022-22038 is a Remote Procedure Call Runtime Remote Code Execution vulnerability. Connected sources note a POC exploit exists and that exploitation would require multiple attempts with high attack complexity, potentially over a network. The available documents do not specify affected product...
CVE-2022-24525
CVE-2022-24525 is a Windows Update Stack Elevation of Privilege vulnerability affecting the Windows Update Stack. The available connected documents confirm a local, privilege-escalation flaw with a CVSSv3.1 base score of 7.0 (High) and Local attack vector, Independent of user interaction. Publicl...
CVE-2022-23281
CVE-2022-23281 corresponds to a Windows Common Log File System Driver information-disclosure vulnerability. Connected sources describe it as an information leak in the CLFS driver, with CNVD noting “excessive data output” as the underlying issue. Impact is a confidentiality risk; CVSS metrics in ...
CVE-2021-43207
Technical details (affected component, root cause, exploitability, and fixes) for CVE-2021-43207 are not provided in the connected documents. Only the vulnerability name and CVSS metrics are present. Monitor official disclosures for specifics.
CVE-2022-21989
CVE-2022-21989 is a Windows Kernel elevation-of-privilege vulnerability. A local attacker can exploit it to escalate privileges and execute code at a higher integrity level, as indicated by Microsoft’s advisory and related coverage. Exploitation requires local access and may depend on additional ...
CVE-2022-24460
Technical details for CVE-2022-24460 are not publicly provided in the supplied documents; no concrete affected product versions or remediation are specified. Monitor for updates.
CVE-2022-24534
Technical details about CVE-2022-24534 are not publicly available in the provided documents. No explicit affected products, root cause, impact, or remediation are described here; monitor for updates.
CVE-2022-37981
CVE-2022-37981 is a DoS vulnerability in Windows Event Logging Service. The CNVD entry states the denial arises from a failure to properly handle incoming error messages, enabling an attacker to cause DoS on the affected Windows component. Affected product is Windows Event Logging Service; impact...
CVE-2022-35794
CVE-2022-35794 refers to a Windows SSTP (Secure Socket Tunneling Protocol) Remote Code Execution vulnerability. The connected sources confirm a vulnerability in the SSTP/Remote Access stack that can enable RCE via a race condition. An unauthenticated attacker could trigger this by sending a craft...
CVE-2022-22019
Technical details for CVE-2022-22019 are not provided in the connected documents. Public details (affected products, exploit info, impact, remediation) are not present here. Monitor for official updates.
CVE-2022-23287
CVE-2022-23287 is described in connected documents as a Windows ALPC elevation of privilege vulnerability. The core issue involves Local privilege escalation via ALPC in Windows; impact is reported as high for confidentiality, integrity, and availability (C/I/A). The CVSS data (3.1) from NVD indi...
CVE-2022-24482
CVE-2022-24482 is a Windows ALPC Elevation of Privilege Vulnerability. The NVD entry shows a CVSS2 base score of 4.4 (LOCAL, medium) and a CVSS3.1 base score of 7.0 (LOCAL, HIGH, with HIGH confidentiality/integrity/availability impact). Connected sources confirm Windows as the affected platform a...
CVE-2022-21845
Public technical details for CVE-2022-21845 are not present in the provided documents. Connected sources reference KBs and KEV listings but do not specify affected components, versions, root cause, or remediation. Monitor for updates.
CVE-2022-22010
Technical details for CVE-2022-22010 are not publicly provided in the supplied documents. No concrete exploit vectors, affected products, or remediation are present here. Monitor for updates from official sources as more information becomes available.
CVE-2022-23294
Technical details about CVE-2022-23294 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2022-26788
No concrete technical details about CVE-2022-26788 are provided in the connected documents. The initial entry only notes a PowerShell Elevation of Privilege vulnerability; monitor for updates in public advisories.
CVE-2022-34303
CVE-2022-34303 describes a Secure Boot bypass in signed 3rd‑party UEFI bootloaders (Eurosoft) where an attacker can substitute the current signed bootloader with a malicious one to load unsigned code in the pre-boot phase. Access to the EFI System Partition is required to boot via external media,...
CVE-2022-22024
CVE-2022-22024 is a Windows Fax Service Remote Code Execution vulnerability. Affected: Windows Fax Service on Windows OS. Root cause: unspecified in the provided docs, but described as a remote code execution vulnerability with network/local access vectors in the CVSS data. Impact: high (CVE metr...
CVE-2022-35822
CVE-2022-35822 is a local security-bypass vulnerability affecting Windows Defender Credential Guard, with high impact to confidentiality and integrity and no availability impact. It requires low privileges and is exploitable with local access and no user interaction. The provided documents do not...
CVE-2022-30223
CVE-2022-30223 affects Windows Hyper-V and is categorized as an information-disclosure vulnerability. The provided data indicate a Confidentiality impact (C) of High with no Integrity or Availability impact (I/N, A/N) and a Medium overall severity (CVSSv3.1 base score 5.7; AV:A, AC:L, PR:L, UI:N,...
CVE-2022-24541
CVE-2022-24541 is described in the initial entry as a Windows Server Service Remote Code Execution vulnerability. Connected material explicitly associates the CVE with a Windows SMB-based remote code execution context, indicating the vulnerability affects the Windows Server service and can enable...
CVE-2022-24454
Technical details for CVE-2022-24454 are not publicly provided in the supplied documents. No affected product/version/impact/fix details are present here. Monitor for updates.
CVE-2022-24546
CVE-2022-24546 is a Windows elevation-of-privilege vulnerability in the DWM Core Library. The CNVD/CNNVD entries describe an incorrect programmatic call to a high-level native procedure in the DWM Core Library that could be exploited to gain higher privileges. The vulnerability is local, requires...
CVE-2022-22013
Technical details about CVE-2022-22013 are not provided in the connected documents; no affected products, root cause, or fixes are specified here. Monitor for updates.
CVE-2022-26903
Technical details about CVE-2022-26903 (affected components, root cause, impact, and fixes) are not provided in the supplied documents. Monitor for updates from Microsoft and CVE databases for official disclosures and remediation information.
CVE-2022-38045
CVE-2022-38045 affects the Windows Server Service (Windows Server) and is categorized as an Elevation of Privilege vulnerability with a CVSSv3 base score of 8.8 (HIGH). The connected OpenVAS/NCSC entries corroborate that this CVE is associated with Windows components and is listed among Microsoft...
CVE-2022-35771
Technical details about CVE-2022-35771 are not provided in the supplied documents; the initial entry lacks affected products, root cause, impact, or remediation information. Monitor for official updates.
CVE-2022-22008
CVE-2022-22008 is a Windows Hyper-V Remote Code Execution vulnerability. Connected sources confirm it affects Microsoft Windows Hyper-V and is a local-vector, post-exploitation risk class with potential for arbitrary code execution via Hyper-V components. The CNVD entry describes a competitive co...
CVE-2022-22015
Technical details about CVE-2022-22015 are not provided in the connected documents. The MSKB entries listed pertain to OS/security updates but do not disclose affected RDP components, exploit specifics, or patch details for this CVE. Monitor for updates.
CVE-2022-29132
Technical details about CVE-2022-29132 (Windows Print Spooler elevation) are not provided in the supplied documents. No affected product/version or remediation is specified here. Monitor for official updates.
CVE-2022-30139
CVE-2022-30139 is an LDAP Remote Code Execution vulnerability in Windows LDAP/AD environments. The exploitability relies on a misconfiguration: the MaxReceiveBuffer policy for LDAP must be set higher than the default for the vulnerability to be exploitable. Some LDAP RCE variants (including CVE-2...
CVE-2022-26913
CVE-2022-26913 is a Windows authentication information-disclosure vulnerability. The available connected data identifies affected software broadly as Windows operating systems and notes exploitation would involve information disclosure through the Windows authentication process. Public documentat...
CVE-2022-29126
Technical details for CVE-2022-29126 are not provided in the supplied documents; no affected products, root cause, or remediation are specified here. Monitor for updates from the referenced sources.
CVE-2022-30141
CVE-2022-30141 is listed as one of seven high‑level LDAP remote code execution vulnerabilities disclosed for Windows LDAP during Patch Tuesday 2022. The linked Avleonov post explicitly groups CVE-2022-30141 among Windows LDAP RCEs and notes that for three LDAP CVEs (including this one) an affecte...
CVE-2021-26441
CVE-2021-26441 is a local-elevation vulnerability in the Storage Spaces Controller. CVSSv3.1 base 7.8 (HIGH): LOCAL vector, LOW privileges required, no user interaction; impacts on confidentiality, integrity, and availability are High. The provided documents do not specify affected product/versio...
CVE-2022-21874
CVE-2022-21874 is a Windows Security Center API RCE vulnerability. Public details in the connected documents describe it as an RCE in the Windows Security Center API with a CVSS v3.1 base score of 7.8 (High) and a Local attack vector requiring user interaction for exploitation. Exploitation conte...
CVE-2022-21983
CVE-2022-21983 is a Win32 Stream Enumeration Remote Code Execution vulnerability. The connected sources show an in-scope CVE with a network attack vector and high impact: CVSSv3.1 base score 7.5 (HIGH), with no authentication (NONE) and user interaction required (REQUIRED); confidentiality, integ...
CVE-2022-21893
Technical details about CVE-2022-21893 are not provided in the connected documents. The supplied sources include high-level vulnerability descriptions and update references, but no specifics on affected products/versions or fixes. Monitor for updated, concrete disclosures.
CVE-2022-34714
Technical details about CVE-2022-34714 are not provided in the attached documents. The connected items do not describe affected products, root cause, impact, or remediation for this CVE. Monitor for updates.
CVE-2022-21984
CVE-2022-21984 is a Windows DNS Server Remote Code Execution vulnerability. The issue affects Windows DNS Server when dynamic updates are enabled, potentially allowing an attacker to take over the DNS server and execute code with elevated privileges. Mitigation in the provided documents points to...
CVE-2022-35769
Technical details for CVE-2022-35769 (Windows PPP DoS) are not provided in the supplied documents. No affected product/version or remediation is described here. Monitor for updates from Microsoft and Vulners for confirmed specifics.
CVE-2022-35792
Technical details (affected product/versions, root cause, exploit information, and remediation) are not provided in the connected documents for CVE-2022-35792. Monitor for updates.
CVE-2022-44707
Technical details about CVE-2022-44707 are not provided in the supplied documents. The connected set does not describe affected products/versions or remediation; monitor for updates.
CVE-2022-23297
CVE-2022-23297 is described as Windows NT LAN Manager Datagram Receiver Driver Information Disclosure Vulnerability. According to the initial entry, it has a CVSSv3.1 base score of 5.5 (MEDIUM) with LOCAL attack vector, LOW attack complexity, and LOW privileges required, causing HIGH confidential...
CVE-2022-34704
CVE-2022-34704 is a Windows Defender Credential Guard Information Disclosure vulnerability. The CVSS‑3.1 base score is 4.7 (Medium) with Local attack vector, HIGH attack complexity, LOW privileges required, and NONE user interaction. Confidentiality impact is HIGH; integrity and availability are ...
CVE-2022-26831
CVE-2022-26831 : Windows LDAP Denial of Service vulnerability. The vulnerability is described as a Windows LDAP DoS issue with a Network attack vector (no user interaction) and a high-impact on availability (per CVSS v3.1: 7.5, HIGH; CVSS v2: 5.0, MEDIUM). Connected sources confirm the Windows LD...
CVE-2022-21857
Technical details for CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege) are not provided in the connected documents. The initial description confirms AD DS Elevation of Privilege, but no affected product versions, root cause, impact, or fixes are included here. Monitor for ...
CVE-2022-23253
CVE-2022-23253 is a Windows PPTP Denial of Service vulnerability. The records show it has a CVSS v3.1 base score of 6.5 (Network, Low attack complexity, Privileges Low, No user interaction) with HIGH availability impact. Concrete details about affected products, versions, or exploit activity are ...