Windows 11 23h2
by Microsoft
CVEs (2,235)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28249 | | Med | 0.40 | 6.2 | 0.01 | | Apr 11, 2023 | Windows Boot Manager Security Feature Bypass Vulnerability |
| CVE-2022-37985 | | Med | 0.39 | 5.5 | 0.38 | | Oct 11, 2022 | Windows Graphics Component Information Disclosure Vulnerability |
| CVE-2024-21306 | | Med | 0.38 | 5.7 | 0.06 | | Jan 9, 2024 | Microsoft Bluetooth Driver Spoofing Vulnerability |
| CVE-2023-24900 | | Med | 0.38 | 5.9 | 0.01 | | May 9, 2023 | Windows NTLM Security Support Provider Information Disclosure Vulnerability |
| CVE-2022-41090 | | Med | 0.38 | 5.9 | 0.01 | | Nov 9, 2022 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
| CVE-2022-37965 | | Med | 0.38 | 5.9 | 0.01 | | Oct 11, 2022 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability |
| CVE-2026-42915 | | Med | 0.37 | 5.7 | 0.00 | | Jun 9, 2026 | Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network. |
| CVE-2026-23670 | | Med | 0.37 | 5.7 | 0.00 | | Apr 14, 2026 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. |
| CVE-2024-20692 | | Med | 0.37 | 5.7 | 0.01 | | Jan 9, 2024 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2023-21693 | | Med | 0.37 | 5.7 | 0.01 | | Feb 14, 2023 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2026-45634 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. |
| CVE-2026-45606 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally. |
| CVE-2026-45604 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. |
| CVE-2026-45594 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. |
| CVE-2026-42973 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| CVE-2026-42972 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally. |
| CVE-2026-42971 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| CVE-2026-42970 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| CVE-2026-42969 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. |
| CVE-2026-42968 | | Med | 0.36 | 5.5 | 0.00 | | Jun 9, 2026 | Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. |