CVEdetails.com the ultimate security vulnerability data source

Microsoft : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2022-32230 476 2022-06-14 2022-06-23
7.8
None Remote Low Not required None None Complete
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
2 CVE-2022-30220 2022-07-12 2022-07-20
7.2
None Local Low Not required Complete Complete Complete
Windows Common Log File System Driver Elevation of Privilege Vulnerability.
3 CVE-2022-30206 2022-07-12 2022-07-20
7.2
None Local Low Not required Complete Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.
4 CVE-2022-30155 400 DoS 2022-06-15 2022-10-27
7.1
None Remote Medium Not required None None Complete
Windows Kernel Denial of Service Vulnerability.
5 CVE-2022-30147 2022-06-15 2022-06-27
7.2
None Local Low Not required Complete Complete Complete
Windows Installer Elevation of Privilege Vulnerability.
6 CVE-2022-30142 Exec Code 2022-06-15 2022-09-22
7.6
None Remote High Not required Complete Complete Complete
Windows File History Remote Code Execution Vulnerability.
7 CVE-2022-30138 2022-05-18 2022-05-31
7.2
None Local Low Not required Complete Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132.
8 CVE-2022-30135 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
Windows Media Center Elevation of Privilege Vulnerability.
9 CVE-2022-30132 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
Windows Container Manager Service Elevation of Privilege Vulnerability.
10 CVE-2022-30131 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability.
11 CVE-2022-29246 120 Exec Code Overflow Bypass 2022-05-24 2022-06-07
7.5
None Remote Low Not required Partial Partial Partial
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, the USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of the `ux_device_class_dfu_control_request` function does not ensure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLength` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. For example, `ux_slave_class_dfu_read` may read 4096 bytes (or more, up to 65k) into a 256-byte buffer, ultimately resulting in an overflow. Furthermore, if an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to ensure that buffer boundaries are respected.
12 CVE-2022-29223 120 Overflow 2022-05-24 2022-06-07
7.5
None Remote Low Not required Partial Partial Partial
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT`, which defaults to 8. For a `bNbPorts` value of 255, the implementation of the `ux_host_class_hub_descriptor_get` function will modify the contents of the `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array, violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than `UX_MAX_TT`, the USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.
13 CVE-2022-29133 2022-05-10 2022-05-19
7.2
None Local Low Not required Complete Complete Complete
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29142.
14 CVE-2022-29132 2022-05-10 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104.
15 CVE-2022-26937 Exec Code 2022-05-10 2022-05-23
7.5
None Remote Low Not required Partial Partial Partial
Windows Network File System Remote Code Execution Vulnerability.
16 CVE-2022-26932 2022-05-10 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26938, CVE-2022-26939.
17 CVE-2022-26803 269 2022-04-15 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802.
18 CVE-2022-26798 269 2022-04-15 2022-04-19
7.2
None Local Low Not required Complete Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.
19 CVE-2022-25865 77 2022-05-13 2022-05-24
7.5
None Remote Low Not required Partial Partial Partial
The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
20 CVE-2022-24550 269 2022-04-15 2022-04-25
7.2
None Local Low Not required Complete Complete Complete
Windows Telephony Server Elevation of Privilege Vulnerability.
21 CVE-2022-24497 Exec Code 2022-04-15 2022-04-22
7.5
None Remote Low Not required Partial Partial Partial
Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491.
22 CVE-2022-24491 Exec Code 2022-04-15 2022-04-22
7.5
None Remote Low Not required Partial Partial Partial
Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497.
23 CVE-2022-24487 Exec Code 2022-04-15 2022-04-22
7.5
None Remote Low Not required Partial Partial Partial
Windows Local Security Authority (LSA) Remote Code Execution Vulnerability.
24 CVE-2022-24460 362 2022-03-09 2022-05-23
7.6
None Remote High Not required Complete Complete Complete
Tablet Windows User Interface Application Elevation of Privilege Vulnerability.
25 CVE-2022-24459 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Fax and Scan Service Elevation of Privilege Vulnerability.
26 CVE-2022-24455 269 2022-03-09 2022-03-14
7.2
None Local Low Not required Complete Complete Complete
Windows CD-ROM Driver Elevation of Privilege Vulnerability.
27 CVE-2022-24454 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Security Support Provider Interface Elevation of Privilege Vulnerability.
28 CVE-2022-23299 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows PDEV Elevation of Privilege Vulnerability.
29 CVE-2022-23296 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Installer Elevation of Privilege Vulnerability.
30 CVE-2022-23293 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability.
31 CVE-2022-23291 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23288.
32 CVE-2022-23290 269 2022-03-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Inking COM Elevation of Privilege Vulnerability.
33 CVE-2022-23266 269 2022-03-09 2022-03-14
7.2
None Local Low Not required Complete Complete Complete
Microsoft Defender for IoT Elevation of Privilege Vulnerability.
34 CVE-2022-22718 269 2022-02-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22717.
35 CVE-2022-22715 269 2022-02-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Named Pipe File System Elevation of Privilege Vulnerability.
36 CVE-2022-22050 2022-07-12 2022-07-19
7.2
None Local Low Not required Complete Complete Complete
Windows Fax Service Elevation of Privilege Vulnerability.
37 CVE-2022-22049 787 2022-07-12 2022-09-28
7.2
None Local Low Not required Complete Complete Complete
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22047.
38 CVE-2022-22047 269 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22049.
39 CVE-2022-22043 269 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability.
40 CVE-2022-22040 400 DoS 2022-07-12 2022-07-16
7.5
None Remote Low Not required Partial Partial Partial
Internet Information Services Dynamic Compression Module Denial of Service Vulnerability.
41 CVE-2022-22034 269 2022-07-12 2022-07-16
7.2
None Local Low Not required Complete Complete Complete
Windows Graphics Component Elevation of Privilege Vulnerability.
42 CVE-2022-22031 269 2022-07-12 2022-10-26
7.2
None Local Low Not required Complete Complete Complete
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability.
43 CVE-2022-22026 787 2022-07-12 2022-09-28
7.2
None Local Low Not required Complete Complete Complete
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22047, CVE-2022-22049.
44 CVE-2022-22001 269 2022-02-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability.
45 CVE-2022-22000 269 2022-02-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981.
46 CVE-2022-21996 269 2022-02-09 2022-02-14
7.2
None Local Low Not required Complete Complete Complete
Win32k Elevation of Privilege Vulnerability.
47 CVE-2022-21994 269 2022-02-09 2022-05-23
7.2
None Local Low Not required Complete Complete Complete
Windows DWM Core Library Elevation of Privilege Vulnerability.
48 CVE-2022-21993 668 2022-02-09 2022-05-23
7.8
None Remote Low Not required Complete None None
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability.
49 CVE-2022-21978 2022-05-10 2022-05-18
7.2
None Local Low Not required Complete Complete Complete
Microsoft Exchange Server Elevation of Privilege Vulnerability.
50 CVE-2022-21969 Exec Code 2022-01-11 2022-01-21
7.7
None Local Network Low ??? Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855.
Total number of vulnerabilities : 1916   Page : 1 (This Page)