66 matches found
CVE-2021-31956
CVE-2021-31956 is a Windows NTFS local privilege-escalation vulnerability that Microsoft and security researchers have shown can be exploited via manipulation of the Windows kernel’s WNF/NTFS interaction and pool-heap exploitation techniques to obtain SYSTEM-level access. Public materials describ...
CVE-2021-33742
CVE-2021-33742 is a memory-corruption remote code execution vulnerability in Microsoft Windows MSHTML/Internet Explorer. The IE/MSHTML bugchain included a use-after-free (user-controlled callback between two actions) and a buffer overflow in MSHTML, enabling arbitrary code execution. In-the-wild ...
CVE-2018-3639
CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...
CVE-2009-3103
CVE-2009-3103 affects SMBv2 in srv2.sys on Windows Vista (Gold, SP1, SP2), Windows Server 2008 (Gold, SP2), and Windows 7 RC. Description and NSE/script references describe an out-of-bounds/array indexing issue in the SMB Negotiation protocol handling (ProcessID High header) that can allow remote...
CVE-2024-49138
Summary (CVE-2024-49138): A heap-based buffer overflow in the Windows Common Log File System Driver (CLFS.sys) enables local Elevation of Privilege on Windows 11/23h2 (and other supported builds). Public PoCs and exploits exist (GitHub PoC repos and exploits referenced in multiple sources), with ...
CVE-2022-22012
Technical details about CVE-2022-22012 are not publicly provided in the connected documents. The materials mention updates and mitigations but do not specify affected products/versions or remediation for this CVE. Monitor for updates.
CVE-2022-26937
CVE-2022-26937 is a Windows Network File System (NFS) remote code execution vulnerability. Exploitation could occur over the network via an unauthenticated, specially crafted call to an NFS service. NFSv4.1 is not affected; the patch addresses the vulnerability in NFS versions 2.0 and 3.0. In the...
CVE-2023-36705
Technical details about CVE-2023-36705 (affected product/component/root cause/impact) are not provided in the connected documents. The supplied materials reference Windows updates and security advisories but do not disclose CVE-specific technical data. Monitor for updates.
CVE-2022-26931
CVE-2022-26931 is a Windows Kerberos elevation-of-privilege issue tied to certificate-to-account mapping changes in Active Directory. Microsoft KBs and Citrix documents describe remediation via certificate-mapping updates (e.g., KB5014754 and related out‑of‑band mitigations) to address how certif...
CVE-2023-36397
Technical details about CVE-2023-36397 are not provided in the supplied documents. No affected products, versions, root cause, impact, or remediation are specified here. Monitor for future updates from official advisories.
CVE-2023-36402
Technical details about CVE-2023-36402 (affected products, root cause, impact, and fixes) are not provided in the connected documents. Please monitor for official disclosures and updates as new information becomes available.
CVE-2022-22019
Technical details for CVE-2022-22019 are not provided in the connected documents. Public details (affected products, exploit info, impact, remediation) are not present here. Monitor for official updates.
CVE-2022-22013
Technical details about CVE-2022-22013 are not provided in the connected documents; no affected products, root cause, or fixes are specified here. Monitor for updates.
CVE-2021-26899
Technical details for CVE-2021-26899, including affected product/version, root cause, impact, and fix, are not provided in the connected documents. Monitor for updates from official sources.
CVE-2022-23270
Technical details about CVE-2022-23270 are not present in the provided connected documents. Public information on affected products, root cause, and remediation is not provided here. Monitor Microsoft Security Update Guide and MSRC advisories for official details and fixes.
CVE-2021-31962
Technical details (affected product/versions, root cause, impact, exploitability, and remediation) are not provided in the supplied documents. Monitor official disclosures and updates from the included sources for any forthcoming information.
CVE-2022-29104
Technical details (affected products/components, root cause, impact, and exploit info) for CVE-2022-29104 are not provided in the connected documents. Monitor for updates; current sources here do not publish public vulnerability specifics beyond the CVE entry.
CVE-2021-26897
CVE-2021-26897 is a Windows DNS Server remote code execution vulnerability. The connected sources indicate the issue is a buffer overflow caused by oversized dynamic update DNS queries with SIG records that can be written to disk, allowing code execution with Local System privileges when a domain...
CVE-2023-36393
Technical details about CVE-2023-36393, including affected products, root cause, and fixes, are not publicly provided in the supplied documents. Monitor for updates from Microsoft and NVD.
CVE-2023-36395
Technical details for CVE-2023-36395 are not publicly available in the provided documents. Monitor for updates from NVD/MSRC and related feeds.
CVE-2023-36401
Technical details (affected product, root cause, impact, or patch) are not provided in the connected documents. Please monitor for updates from Microsoft or CVE references to get concrete details and remediation when they become available.
CVE-2021-42282
Technical details for CVE-2021-42282 are not publicly provided in the connected documents. No specifics on affected product versions, root cause, or remediation are present. Monitor for updates.
CVE-2022-29112
Technical details for CVE-2022-29112 are not provided in the supplied documents. OpenVAS references the CVE among others, but no product/impact/fix specifics are given here. Monitor for updates.
CVE-2022-26934
CVE-2022-26934 is a Windows Graphics Component information disclosure vulnerability. Affects Windows graphics handling (Windows Graphics Component) and is disclosed as a network-exposed information disclosure with a base CVSSv3.1 score of 6.5 (vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)...
CVE-2022-22014
Technical details about CVE-2022-22014 are not provided in the supplied connected documents. The initial description notes a Windows LDAP RCE vulnerability, but there are no concrete details on affected products, versions, root cause, impact, or fixes within the provided materials. Monitor for up...
CVE-2022-26926
Public technical details for CVE-2022-26926 are not provided in the supplied documents. Monitor for updates.
CVE-2023-36403
CVE-2023-36403 is linked to a Windows Kernel local privilege escalation involving registry virtualization. CIRCL’s CIRCL:CVE-2023-36403 entry explicitly notes “Windows Kernel bad locking in registry virtualization leads to race conditions,” indicating the root cause is locking/race-condition issu...
CVE-2022-26935
Technical details about CVE-2022-26935 are not provided in the connected documents. The Initial document offers a basic description and CVSS info, but no specifics on affected products/versions, root cause, remediation, or exploit status. Monitor for updates.
CVE-2021-31958
Technical details for CVE-2021-31958 are not publicly provided in the supplied documents; monitor for updates.
CVE-2013-3918
CVE-2013-3918 is an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control (icardie.dll) used by Internet Explorer. The flaw exists when the ActiveX control is instantiated via a crafted webpage, enabling remote code execution with the current user’s privileges...
CVE-2022-22011
Technical details (affected components, root cause, impact, and fixes) for CVE-2022-22011 are not provided in the supplied documents. No public details are included here. Monitor official advisories for updates.
CVE-2021-31971
CVE-2021-31971 is a Windows security vulnerability described as a Windows HTML Platforms Security Feature Bypass. Connected sources confirm it is a remote, network-exploitable vulnerability in the HTML platforms component of Internet Explorer/Windows HTML Platform. Exploitation details in the Nes...
CVE-2022-26829
CVE-2022-26829 is a Windows DNS Server Remote Code Execution vulnerability. The provided initial document lists CVSS v2 base score 8.5 (HIGH) with network access and user interaction not required, and CVSS v3.1 base score 6.6 (MEDIUM) with network access, high attack complexity, privileges requir...
CVE-2022-29121
Technical details about CVE-2022-29121 are not provided in the supplied documents. No information on affected products/versions or fixes is available here. Monitor for updates from Microsoft/MSRC and vendor advisories.
CVE-2021-40465
CVE-2021-40465, Windows Text Shaping Remote Code Execution Vulnerability, is documented with CVSS 3.1 base score 7.8 (HIGH) and CVSS2 base 6.8 (MEDIUM) by NVD/Microsoft, indicating LOCAL exploitability with LOW attack complexity and user interaction required. The available sources in the provided...
CVE-2022-29115
Technical details about CVE-2022-29115 are not publicly provided in the supplied documents. No affected product/version or remediation is specified here. Monitor for updates.
CVE-2022-26936
Technical details about CVE-2022-26936 are not provided in the Connected documents; only general security update KB articles are present. Monitor Microsoft advisories (KB5013941/3942/3943, etc.) for vulnerability-specific information and fixes.
CVE-2021-31968
CVE-2021-31968 is a Windows Remote Desktop Services Denial of Service vulnerability. The vulnerability affects Microsoft Windows systems exposing Remote Desktop Services and can impact availability (per CVSS v3.1: HIGH, AV:N/AC:L/PR:N/UI:N/S:U/A:H). Connected sources confirm it as a remotely trig...
CVE-2021-31973
CVE-2021-31973 is a Windows GPSVC Elevation of Privilege vulnerability. Affected component: GPSVC. Root cause not explicitly stated in the provided documents. CVSS v3.1 base score 7.8 (HIGH): Local attack, low privileges required, no user interaction, with high impact to confidentiality, integrit...
CVE-2022-21880
CVE-2022-21880 is a Windows GDI+ Information Disclosure vulnerability. The NVD entry describes impact as a confidentiality breach with no integrity or availability impact. CVSS v2: base score 7.8 (NETWORK, LOW attack complexity, NONE auth, C:C/I:N/A:N). CVSS v3.1: base score 7.5 (AV:N/AC:L/PR:N/U...
CVE-2021-26894
Technical details for CVE-2021-26894 are not provided in the connected documents. The NVD entry notes a Windows DNS Server RCE with CRITICAL severity (CVSS v3.1 9.8) but no specifics on affected versions or fixes are given here. Monitor for updates.
CVE-2018-8392
CVE-2018-8392 is a heap-based buffer overflow in the Microsoft Jet Database Engine. The issue arises from improper handling of in-memory objects, enabling a remote, unauthenticated attacker to exploit by enticing a user to open a specially crafted Excel file, potentially leading to remote code ex...
CVE-2021-26895
Technical details about CVE-2021-26895 are not available in the provided connected documents. The materials include general references to Windows DNS Server RCE and related advisories, but no product/version/impact/remediation specifics are given here. Monitor for updates.
CVE-2022-29103
Technical details for CVE-2022-29103 are not publicly provided in the supplied documents. The connected items discuss Windows update KB entries and security issues, but none specify affected products/versions or remediation for this CVE.
CVE-2018-8393
The connected advisory CPAI-2018-0959 confirms CVE-2018-8393: a remote code execution vulnerability in the Microsoft JET Database Engine (Jet) caused by a buffer overflow. An attacker could trigger it by convincing a user to open a specially crafted Excel file, enabling arbitrary code execution o...
CVE-2018-8424
CVE-2018-8424 describes an information-disclosure vulnerability in the Windows GDI component where memory contents may be leaked. Affected products include Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 10 and their Server counterparts (e.g., Windows Server 2008, 201...
CVE-2022-29105
No technical details about CVE-2022-29105 are present in the provided connected documents; monitor for updates.
CVE-2021-28350
Technical details about CVE-2021-28350, including affected components, root cause, impact specifics, and patch information, are not provided in the connected documents. Please monitor official advisories and updates for substantive, fact-grounded details.
CVE-2018-8434
CVE-2018-8434 is a Windows Hyper-V information disclosure vulnerability. It occurs when a host OS fails to properly validate input from an authenticated user on a guest OS, allowing potential disclosure of memory information. Affected platforms include Windows 7, Windows Server 2008/2012 families...
CVE-2021-28437
Technical details for CVE-2021-28437 are not provided in the supplied documents. No concrete information on affected product versions, root cause, or fixes is present; monitor for updates as new disclosures or patches emerge.