Windows 11 21h2
by Microsoft
CVEs (1,563)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-38545 | | Cri | 0.66 | 9.8 | 0.78 | | Oct 18, 2023 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255… |
| CVE-2023-44487 | | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-36424 | | Hig | 0.63 | 7.8 | 0.12 | KEV | Nov 14, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-38250 | | Hig | 0.51 | 7.8 | 0.01 | | Sep 10, 2024 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2022-26926 | | Hig | 0.51 | 7.8 | 0.03 | | May 10, 2022 | Windows Address Book Remote Code Execution Vulnerability |
| CVE-2022-26795 | | Hig | 0.51 | 7.8 | 0.01 | | Apr 15, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2013-3900 | | Med | 0.51 | 5.5 | 0.45 | KEV | Dec 11, 2013 | Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows… |
| CVE-2023-29335 | | Hig | 0.49 | 7.5 | 0.01 | | May 9, 2023 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2022-26826 | | Hig | 0.47 | 7.2 | 0.04 | | Apr 15, 2022 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2022-26934 | | Med | 0.44 | 6.5 | 0.03 | | May 10, 2022 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2021-34527 | | | 0.29 | — | 1.00 | KEV | Jul 2, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install… |
| CVE-2022-30190 | | | 0.28 | — | 0.99 | KEV | Jun 1, 2022 | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then… |
| CVE-2021-40449 | | | 0.28 | — | 0.73 | KEV | Oct 13, 2021 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-21338 | | | 0.27 | — | 0.52 | KEV | Feb 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21999 | | | 0.27 | — | 0.42 | KEV | Feb 9, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2024-21412 | | | 0.26 | — | 0.95 | KEV | Feb 13, 2024 | Internet Shortcut Files Security Feature Bypass Vulnerability |
| CVE-2023-28252 | | | 0.26 | — | 0.49 | KEV | Apr 11, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30088 | | | 0.25 | — | 0.68 | KEV | Jun 11, 2024 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-36884 | | | 0.25 | — | 0.99 | KEV | Jul 11, 2023 | Windows Search Remote Code Execution Vulnerability |
| CVE-2023-24880 | | | 0.24 | — | 0.78 | KEV | Mar 14, 2023 | Windows SmartScreen Security Feature Bypass Vulnerability |
Page 1 of 79