1844 matches found
CVE-2024-49128
CVE-2024-49128 describes a vulnerability in Windows Remote Desktop Services where sensitive data is stored in improperly locked memory. This can allow an unauthenticated, network-based attacker to execute code remotely. The CVSS 3.1 vector provided indicates network access as the attack vector, h...
CVE-2024-28897
CVE-2024-28897 is referenced in connected data as a Windows Secure Boot vulnerability with the label “Circumvention of security measure.” The primary public document (NVD) lists it as a Secure Boot security feature bypass, with a CVSS v3.1 score of 6.8 (Medium) and details like attack vector adja...
CVE-2024-43560
CVE-2024-43560 is a Windows Storage Port Driver elevation-of-privilege vulnerability. A local attacker with low privileges could exploit it to obtain elevated rights (CVE-2024-43560 details: CVSS v3.1 7.8, high impact; affected component: Windows Storage Port Driver). The NCSC advisory confirms M...
CVE-2024-49132
CVE-2024-49132 affects Windows Remote Desktop Services and is a remote code execution vulnerability exploitable over the network (attack vector: network; no privileges required; user interaction not needed). The CVSSv3.1 base score is 8.1 (HIGH) with high impact on confidentiality, integrity, and...
CVE-2024-26252
CVE-2024-26252 refers to a Windows kernel vulnerability in the rndismp6.sys driver that enables remote code execution. The issue is described as affecting the Windows component rndismp6.sys with a CVSSv3.1 base score of 6.8 (Medium), and usability concerns indicate a physical attack vector, low a...
CVE-2024-29994
CVE-2024-29994 is Microsoft Windows SCSI Class System File Elevation of Privilege. Connected sources (NCSC advisory) list CVE-2024-29994 with CVSS v3.1 base 7.8 (high), Local attack vector, Low privileges required, no user interaction, and impact to confidentiality, integrity, and availability. T...
CVE-2024-38199
Technical details about CVE-2024-38199 are not publicly provided in the connected documents. Monitor for updates from Microsoft and NVD for affected products, fixes, and exploit information.
CVE-2026-33829
CVE-2026-33829 concerns the Windows Snipping Tool and is assigned a CVSSv3.1 base score of 4.3 (Medium). The vulnerability is described with a network attack vector but requires user interaction and does not affect integrity or availability, with confidentiality impact listed as Low. The metric i...
CVE-2024-37968
CVE-2024-37968 is a Windows DNS Spoofing vulnerability rated High (CVSS 7.5) with network attack vector and impact on confidentiality. The connected documents confirm this CVE affects Windows DNS and that Microsoft released fixes in the August 2024 updates (examples: KB5041578, KB5041160, KB50418...
CVE-2019-0697
The connected advisories describe a remote code execution vulnerability in the Microsoft Windows DHCP Client caused by improper processing of DHCP responses (memory corruption) in the DhcpExtractFullOptions path. A remote attacker could send crafted DHCP replies to execute arbitrary code with adm...
CVE-2024-26216
CVE-2024-26216 is a Windows vulnerability affecting the Windows File Server Resource Management Service, categorized as a privilege-escalation issue with a CVSS-like score around 7.3 (high) in public guidance. The connected documents confirm the vulnerability is tied to Windows File Server Resour...
CVE-2024-26230
CVE-2024-26230 is a Windows Telephony Server elevation-of-privilege vulnerability. Reported as a local privilege escalation with CVSS 3.1 base score 7.8 (HIGH): vectors/local, attack complexity LOW, privileges required LOW, no user interaction. Impacts on confidentiality, integrity, and availabil...
CVE-2024-26239
COVID: CVE-2024-26239 is a Windows Telephony Server Elevation of Privilege vulnerability with LOCAL attack vector, requiring LOW privileges and no user interaction. The CVSS 3.1 base score is 7.8 (HIGH), with CONFIDENTIALITY, INTEGRITY, and AVAILABILITY impacts rated HIGH. The initial description...
CVE-2024-28902
CVE-2024-28902 is associated with Windows Remote Access Connection Manager and is listed in an ENISA/NCSC-style advisory as a local, low-complexity information-disclosure vulnerability with potential impact to data confidentiality (CVE-2024-28902, Windows Remote Access Connection Manager). The co...
CVE-2025-21327
CVE-2025-21327 is a Windows Digital Media elevation-of-privilege vulnerability. The CVSS3.1 base vector indicates physical access required, low attack complexity and low privileges, with high impact on confidentiality, integrity, and availability (base score 6.6, medium). The connected data confi...
CVE-2024-21313
CVE-2024-21313 is described as a Windows TCP/IP Information Disclosure Vulnerability. The entry provides a CVSSv3.1 base score of 5.3 (Medium) with network attack vector, high attack complexity, no privileges required, user interaction required, and a privacy-focused impact (Confidentiality: High...
CVE-2024-26171
CVE-2024-26171 is reported as a Windows Secure Boot vulnerability with the impact labeled as circumvention of a security measure (CVSS-like score 6.70). The connected documents corroborate its placement under Windows Secure Boot in the security advisories and vulnerability feeds, but they do not ...
CVE-2024-26248
CVE-2024-26248 is a Windows Kerberos Elevation of Privilege vulnerability with a CVSS v3.1 base score of 7.5 (Impact: High; Privileges Required: Low; Attack Vector: Network; User Interaction: None). The connected sources list this CVE under Windows Kerberos and assign an impact of Obtaining Incre...
CVE-2024-26254
CVE-2024-26254 is a Denial-of-Service in Microsoft Windows Virtual Machine Bus (VMBus). The provided OpenVAS listings confirm VMBus involvement, but do not disclose a concrete root cause, exploit technique, affected product versions, or a remediation in these documents. No patch details are expli...
CVE-2024-28925
CVE-2024-28925 is listed in the Microsoft Windows Secure Boot family as a Secure Boot security feature bypass with high impact (CVSS 3.1: 8.0; Adjacent access, no privileges required, user interaction required). The connected advisory (NCSC) confirms a Windows Secure Boot bypass in the same CVE g...
CVE-2024-26215
Technical details about CVE-2024-26215 are not publicly available in the provided connected documents. Monitor for updates from official vendors and advisories to obtain affected products, impact and remediation information.
CVE-2024-26253
CVE-2024-26253 corresponds to a Windows rndismp6.sys remote code execution vulnerability. The entry notes an affected Windows component (rndismp6.sys) and an exploit path that could allow remote code execution with a high impact on confidentiality, integrity, and availability, while the attack ve...
CVE-2024-28901
Microsoft Windows: CVE-2024-28901 affects the Windows Remote Access Connection Manager. The vulnerability is an information disclosure in RasMan, exploitable locally with low complexity and requiring low privileges; it grants high confidentiality impact and does not affect integrity or availabili...
CVE-2024-29061
Technical details about CVE-2024-29061 are not publicly provided in the supplied documents. The records mention a Secure Boot security feature bypass but do not specify affected products, versions, root cause, exploitability, or mitigations. Monitor for updates.
CVE-2025-21377
Technical details for CVE-2025-21377 are not publicly provided in the supplied documents. No affected products, root cause, impact, or remediation are specified here. Monitor for updates in the connected feeds.
CVE-2024-26205
CVE-2024-26205 is a Windows RRAS remote code execution vulnerability. Connected sources corroborate that it is network-exploitable with a high base score (8.8) and requires user interaction, enabling remote code execution with high impact on confidentiality, integrity and availability. The issue ...
CVE-2024-28922
CVE-2024-28922 is a Secure Boot security feature bypass vulnerability. CVSS‑3.1 metrics show a physical attack vector, low attack complexity, low privileges required, user interaction needed, with no confidentiality impact, but high integrity impact (base score 4.1, Medium). Connected sources ref...
CVE-2024-26183
CVE-2024-26183 is a Windows Kerberos Denial-of-Service vulnerability. The CVSS 3.1 base metrics (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicate a NETWORK-exploitable issue with a MEDIUM severity (6.5) and a HIGH impact on availability, requiring LOW privileges and no user interaction. The descript...
CVE-2024-28900
CVE-2024-28900 is a Windows vulnerability affecting the Windows Remote Access Connection Manager, with information disclosure (confidentiality impact). It is exploitable locally (attack vector: LOCAL) and requires LOW privileges with no user interaction. The CVSS vector in the Initial Description...
CVE-2024-28921
CVE-2024-28921 is a Windows Secure Boot security feature bypass vulnerability. The CVE entry is supported by multiple sources (NVD/NCSC/related feeds) indicating a local-attack-path bypassing Secure Boot with elevated privileges required and no user interaction. The CVSS vector shows: Local attac...
CVE-2024-30038
CVE-2024-30038 is a Win32k local privilege escalation vulnerability. The issue exists in Win32k’s kernel-user boundary; exploitation would require local access with low privileges and no user interaction, potentially granting HIGH confidentiality/integrity/availability impact. Microsoft has issue...
CVE-2023-29351
Technical details about CVE-2023-29351 are not publicly available in the provided documents. Monitor Microsoft and NVD for updates on affected products, impact, and remediation.
CVE-2024-26232
The CVE-2024-26232 entry describes a Remote Code Execution vulnerability in Microsoft Message Queuing (MSMQ). The available details indicate a LOCAL attack with LOW privileges required and USER INTERACTION required, with HIGH impact on confidentiality, integrity, and availability (CVSS 7.3). The ...
CVE-2024-26194
CVE-2024-26194 is a Secure Boot security feature bypass vulnerability. The CVSS vector indicates Local access, high attack complexity, and no privileges/UI required, with high confidentiality, integrity, and availability impact. Microsoft’s MSRC page is referenced for a potential fix, and ENISA/N...
CVE-2024-26242
CVE-2024-26242 is a Windows Telephony Server elevation-of-privilege vulnerability. The connected documents indicate a local-privilege escalation with CVSS v3.1 base score 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Root cause and exact exploit details are not provided in the sources. Microsoft has...
CVE-2024-26244
CVE-2024-26244 is a remote code execution vulnerability in the Microsoft WDAC OLE DB provider for SQL Server. According to the CVSS 3.1 vector, it is exploitable over the network with no privileges required, but requires user interaction, and has high impact on confidentiality, integrity, and ava...
CVE-2024-28920
CVE-2024-28920 is a Secure Boot security feature bypass vulnerability. The connected ENISA/NCSC records indicate this CVE is associated with Microsoft Windows Secure Boot components and is classified as bypassing a security measure. The NVD entry confirms a Secure Boot bypass description, and rel...
CVE-2024-28924
Technical details about CVE-2024-28924 are not publicly provided in the connected documents. Monitor for updates from Microsoft, NVD, or CVE editors for affected products, impact, root cause, and available fixes.
CVE-2024-30037
The CVE-2024-30037 entry affects Windows Common Log File System Driver and is categorized as a local Elevation of Privilege vulnerability (requires local access; may grant elevated privileges). The connected documents corroborate the CVE mapping and indicate it is part of a set of Windows fixes; ...
CVE-2024-38144
CVE-2024-38144 is a local elevation-of-privilege vulnerability in the Windows Kernel Streaming WOW Thunk Service Driver. The connected sources state a local attacker could obtain SYSTEM privileges and that exploit code appeared in the TyphoonPWN 2024 event, with a write‑up from SSD Secure Disclos...
CVE-2025-24035
CVE-2025-24035 affects Windows Remote Desktop Services. The connected data corroborates a remote code execution risk over a network, arising from memory handling (sensitive data stored in improperly locked memory). The impact is described as executing arbitrary code, with the network as the attac...
CVE-2023-29358
CVE-2023-29358 is a Windows GDI Elevation of Privilege vulnerability. Per the sources, it is a LOCAL, low-attack-complexity issue with LOW privileges required, and it has HIGH confidentiality, integrity, and availability impact. The connected documents corroborate the Windows context and do not p...
CVE-2023-32016
Technical details about CVE-2023-32016 are not publicly available in the provided connected documents. Monitor for updates from Microsoft and security feeds for affected products, vulnerable components, and fixes.
CVE-2024-43519
CVE-2024-43519 : Microsoft WDAC OLE DB provider for SQL Server is affected by a Remote Code Execution vulnerability. The CVSS v3.1 base score is 8.8 (HIGH); attack vector is NETWORK, with LOW attack complexity and no privileges required, but user interaction is required. The issue stems from the ...
CVE-2024-38131
Technical details about CVE-2024-38131 are not publicly provided in the connected documents. The available material lacks product/version/root-cause/remediation specifics. Monitor official advisories/updates for concrete information.
CVE-2024-26180
Technical details about CVE-2024-26180 are not provided in the supplied documents. Monitor for updates from official advisories and affected vendors.
CVE-2024-26189
CVE-2024-26189 is a Secure Boot security feature bypass affecting Windows Secure Boot. The CVE is listed in the Windows Secure Boot table with CVSS v3.1 base score 8.0 (HIGH) and impact described as bypassing security measures. Connected sources corroborate a Secure Boot bypass characterization, ...
CVE-2025-21245
CVE-2025-21245 is a Windows Telephony Service remote code execution vulnerability. The CIRCL feed and CVE listings indicate it affects Windows Telephony Service with potential for executing code from an attacker-supplied payload (impact: execution of arbitrary code) and a CVSS v3.1 base score of ...
CVE-2024-26224
CVE-2024-26224 affects Windows DNS Server and is described as a remote code execution vulnerability. Connected sources (CNVD/NCSC tables) list the impact as allowing execution of arbitrary code or executing random code via the DNS service, with CVSS-like references around 7.2 (HIGH) impact, netwo...
CVE-2024-26237
Technical details for CVE-2024-26237 are not publicly available in the provided connected documents. No concrete exploit, impact, or remediation specifics are present beyond the vulnerability title. Monitor for updates from Microsoft and security advisories.