Vulnerabilites related to microsoft - windows_server_2022_23h2
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-05 03:18
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21444",
"lastModified": "2024-12-05T03:18:50.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:53.907",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21444"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-14 17:54
Severity ?
Summary
Windows Remote Desktop Services Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Services Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en los Servicios de Escritorio Remoto de Windows"
}
],
"id": "CVE-2024-49115",
"lastModified": "2025-01-14T17:54:03.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:37.900",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-22 19:30
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43592 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-43592",
"lastModified": "2024-10-22T19:30:02.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:27.327",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43592"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 14:21
Severity ?
Summary
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29967 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Remote Desktop Gateway Service remoto permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29967",
"lastModified": "2025-05-19T14:21:15.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:57.303",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29967"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-15 20:24
Severity ?
Summary
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2025-02-04",
"cisaExploitAdd": "2025-01-14",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C4AF6108-E473-4695-B5AE-A4449A7A6E22",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "146C68DB-CB79-4CCA-BCCF-DDB7E6B543DC",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A9DDB80C-CA0E-4BF2-AB22-5240DFD39D1B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8092B56B-2B8D-43F0-8509-98788A8C26D8",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "79F031F0-7E96-4361-9E73-1617F5C51A5D",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB980EBB-388D-4D0B-8154-C15EC4E77757",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A491D1F2-50EF-4B26-8FA0-70484BD32E7A",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F187E54E-E615-444B-96C2-47222438B893",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Hyper-V NT Kernel Integration VSP"
}
],
"id": "CVE-2025-21335",
"lastModified": "2025-01-15T20:24:16.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:58.960",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-11 18:15
Modified
2025-03-04 15:15
Severity ?
Summary
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B692D57-D1F5-440E-AC28-C7633740ED6E",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "44723F8C-6B56-4A27-B213-E822ADC16078",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
"versionEndExcluding": "10.0.19044.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
"versionEndExcluding": "10.0.19045.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
"versionEndExcluding": "10.0.22621.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
"versionEndExcluding": "10.0.22631.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
"versionEndExcluding": "10.0.20348.3207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27",
"versionEndExcluding": "10.0.25398.1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Microsoft Message Queue (MSMQ)"
}
],
"id": "CVE-2025-21181",
"lastModified": "2025-03-04T15:15:26.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T18:15:29.553",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-21181-denial-of-service-vulnerability-in-microsoft-message-queuing-detection-script"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-21181-denial-of-service-vulnerability-in-microsoft-message-queuing-mitigation-script"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Windows Remote Access Connection Manager Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30071 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30071 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Access Connection Manager Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del Administrador de conexi\u00f3n de acceso remoto de Windows"
}
],
"id": "CVE-2024-30071",
"lastModified": "2024-11-21T09:11:11.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:16.233",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30071"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 16:40
Severity ?
Summary
NTFS Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38117 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTFS Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de NTFS"
}
],
"id": "CVE-2024-38117",
"lastModified": "2024-08-16T16:40:43.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:12.570",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38117"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:40
Severity ?
Summary
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38238 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6FBDC450-FB5A-469C-8D38-9586CE5A6F48",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el controlador del servicio de transmisi\u00f3n por kernel"
}
],
"id": "CVE-2024-38238",
"lastModified": "2024-09-17T16:40:55.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:27.520",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38238"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:21
Modified
2025-07-10 13:59
Severity ?
Summary
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32716 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FCC2974E-F0F4-4F33-9CCE-2CEA45A3AD86",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A94EDBE2-AAFF-4E9A-A9E5-9B02ADB94471",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en Windows Media permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-32716",
"lastModified": "2025-07-10T13:59:16.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:21:56.087",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32716"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 14:22
Severity ?
Summary
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29963 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Windows Media permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29963",
"lastModified": "2025-05-19T14:22:19.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:56.763",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29963"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-10-10 14:02
Severity ?
Summary
Microsoft Management Console Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38259 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "27B86605-6710-4BC8-99A4-73462A011192",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "24ABE040-A076-4A03-9847-B4D0C2CA5E97",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1943A041-87C3-404D-B09C-8E25E46A6E90",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4AC8FE5E-7E85-4520-BD68-3A9776948A5D",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Management Console Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Management Console"
}
],
"id": "CVE-2024-38259",
"lastModified": "2024-10-10T14:02:28.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:31.990",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38259"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-22 15:02
Severity ?
Summary
MapUrlToZone Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MapUrlToZone Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad MapUrlToZone"
}
],
"id": "CVE-2025-21329",
"lastModified": "2025-01-22T15:02:32.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:57.733",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21329"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-41"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-08 19:07
Severity ?
Summary
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27471 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "El almacenamiento de datos confidenciales en una memoria bloqueada incorrectamente en Microsoft Streaming Service permite que un atacante no autorizado deniegue el servicio a trav\u00e9s de una red."
}
],
"id": "CVE-2025-27471",
"lastModified": "2025-07-08T19:07:58.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:56.970",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27471"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:50
Severity ?
Summary
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Microsoft Message Queuing (MSMQ)"
}
],
"id": "CVE-2025-21270",
"lastModified": "2025-01-27T18:50:32.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:46.503",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21270"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Microsoft Streaming Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Streaming Service Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servicio de transmisi\u00f3n de Microsoft"
}
],
"id": "CVE-2024-30089",
"lastModified": "2024-11-21T09:11:14.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:57.023",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2024-11-18 22:23
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43631 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Secure Kernel Mode Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el modo kernel seguro de Windows"
}
],
"id": "CVE-2024-43631",
"lastModified": "2024-11-18T22:23:15.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-12T18:15:31.580",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43631"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:54
Severity ?
Summary
Windows Deployment Services Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38138 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Deployment Services Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de los servicios de implementaci\u00f3n de Windows"
}
],
"id": "CVE-2024-38138",
"lastModified": "2024-08-16T20:54:32.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:17.450",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38138"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:52
Severity ?
Summary
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows PrintWorkflowUserSvc"
}
],
"id": "CVE-2025-21235",
"lastModified": "2025-01-24T21:52:14.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:36.320",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:21
Modified
2025-07-08 16:11
Severity ?
Summary
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FCC2974E-F0F4-4F33-9CCE-2CEA45A3AD86",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A94EDBE2-AAFF-4E9A-A9E5-9B02ADB94471",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA78F5F9-AEE3-423B-B82A-9ECEF2BDADF3",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La sobrelectura del b\u00fafer en el Proveedor de administraci\u00f3n de almacenamiento de Windows permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-24068",
"lastModified": "2025-07-08T16:11:50.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:21:11.880",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24068"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:52
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21233 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21233",
"lastModified": "2025-01-24T21:52:25.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:35.870",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21233"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:55
Severity ?
Summary
Windows Secure Channel Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38148 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Secure Channel Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del canal seguro de Windows"
}
],
"id": "CVE-2024-38148",
"lastModified": "2024-08-16T20:55:08.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:19.653",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38148"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
DHCP Server Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38044 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38044 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servicio de servidor DHCP"
}
],
"id": "CVE-2024-38044",
"lastModified": "2024-11-21T09:24:46.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:32.490",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38044"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-10 00:15
Modified
2025-01-09 13:59
Severity ?
Summary
Windows Text Services Framework Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CC6302F7-6909-4EAA-A1BB-3B2BA92680BC",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "6DCF52FA-7A1F-44B4-8405-7D4C9E1CB79F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Text Services Framework Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Text Services Framework"
}
],
"id": "CVE-2024-21417",
"lastModified": "2025-01-09T13:59:37.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-10T00:15:03.027",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21417"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-28 07:15
Modified
2024-11-21 07:47
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://dl.acm.org/doi/10.1145/3576915.3623066 | Technical Description, Third Party Advisory | |
| cve@mitre.org | https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dl.acm.org/doi/10.1145/3576915.3623066 | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluetooth:bluetooth_core_specification:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDBC9C6-0387-47F1-B213-3AEAFD6A23C8",
"versionEndIncluding": "5.4",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B89EC5-12A3-457B-A297-B525FA447BA1",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A00D05A-00A8-41B1-8E3A-234DC7C43D16",
"versionEndExcluding": "10.0.19043.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487",
"versionEndExcluding": "10.0.22000.2600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451",
"versionEndExcluding": "10.0.22631.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "940B3D77-2D2E-41F3-8450-27AF8BB17F18",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB96325-BCC0-4C49-AF2A-A12C5CE1D818",
"versionEndExcluding": "10.0.20348.2113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A",
"versionEndExcluding": "10.0.25398.531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS."
},
{
"lang": "es",
"value": "Los dispositivos Bluetooth BR/EDR con emparejamiento simple seguro y emparejamiento de conexiones seguras en las especificaciones principales de Bluetooth 4.2 a 5.4 permiten ciertos ataques de intermediario que fuerzan una longitud de clave corta y pueden llevar al descubrimiento de la clave de cifrado y a la inyecci\u00f3n en vivo, tambi\u00e9n conocido como BLUFFS."
}
],
"id": "CVE-2023-24023",
"lastModified": "2024-11-21T07:47:16.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-28T07:15:41.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://dl.acm.org/doi/10.1145/3576915.3623066"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://dl.acm.org/doi/10.1145/3576915.3623066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/bluffs-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:37
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Windows DNS Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor DNS de Windows"
}
],
"id": "CVE-2024-26233",
"lastModified": "2025-01-08T16:37:21.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:43.650",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-09 16:45
Severity ?
Summary
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26688 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en pila en Microsoft Virtual Hard Drive permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-26688",
"lastModified": "2025-07-09T16:45:20.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:53.550",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26688"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-03 15:04
Severity ?
Summary
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84168D48-1F68-4590-98BB-E926339D1A01",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF468977-7A8C-4234-B244-FA75CB6A124E",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1438B9AF-92B2-439B-8656-C87B8F8E30A5",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Windows exFAT File System permite que un atacante no autorizado ejecute c\u00f3digo localmente."
}
],
"id": "CVE-2025-21180",
"lastModified": "2025-07-03T15:04:03.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:18.790",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:36
Severity ?
Summary
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el servicio de red de \u00e1rea amplia inal\u00e1mbrico (WwanSvc)"
}
],
"id": "CVE-2024-49109",
"lastModified": "2025-01-08T12:36:18.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:37.023",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:33
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Windows DNS Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor DNS de Windows"
}
],
"id": "CVE-2024-26231",
"lastModified": "2025-01-08T16:33:08.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:43.260",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-03 14:37
Severity ?
Summary
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El almacenamiento de datos confidenciales en una memoria bloqueada incorrectamente en los servicios de escritorio remoto de Windows permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-24045",
"lastModified": "2025-07-03T14:37:47.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-03-11T17:16:26.290",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:16
Modified
2025-05-16 16:29
Severity ?
Summary
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709 | Vendor Advisory |
Impacted products
{
"cisaActionDue": "2025-06-03",
"cisaExploitAdd": "2025-05-13",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59596E66-63AB-4895-A385-57111ED18743",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286B3A60-FF95-4391-8AF0-D46D5AAB6234",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87D3BE2A-EF7B-4653-AE64-9F8FE0E12223",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F95690D-5720-4ACD-A378-BC3040E42AF2",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9929270C-5F72-40B8-B36B-073E6D1B00B6",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "894FA410-3F24-45CB-B347-3F839CBA8DD8",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "644E96C3-1EA7-48E2-B800-C6ADA2D65FCD",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Use After Free del controlador de funciones auxiliares de Windows para WinSock permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-32709",
"lastModified": "2025-05-16T16:29:34.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:16:04.020",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-14 17:49
Severity ?
Summary
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Protocolo ligero de acceso a directorios (LDAP) de Windows"
}
],
"id": "CVE-2024-49127",
"lastModified": "2025-01-14T17:49:38.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:39.720",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:54
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21245 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21245",
"lastModified": "2025-01-24T21:54:08.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:41.100",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21245"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-05-29 14:15
Severity ?
Summary
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio Windows Line Printer Daemon (LPD)"
}
],
"id": "CVE-2025-21224",
"lastModified": "2025-05-29T14:15:34.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-01-14T18:15:34.150",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-21224-remote-code-execution-vulnerability-in-windows-line-printer-daemon-service-detection-script"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-21224-remote-code-execution-vulnerability-in-windows-line-printer-daemon-service-mitigation-script"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-21 21:28
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Windows Remote Desktop Services Tampering Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43456 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Services\u00a0Tampering Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de manipulaci\u00f3n de los servicios de escritorio remoto de Windows"
}
],
"id": "CVE-2024-43456",
"lastModified": "2024-10-21T21:28:15.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:09.283",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43456"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:51
Severity ?
Summary
Windows NTLM V1 Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows NTLM V1 Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows NTLM V1"
}
],
"id": "CVE-2025-21311",
"lastModified": "2025-01-24T21:51:02.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:54.567",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-303"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Microsoft Streaming Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30090 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30090 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Streaming Service Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servicio de transmisi\u00f3n de Microsoft"
}
],
"id": "CVE-2024-30090",
"lastModified": "2024-11-21T09:11:14.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:57.240",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30090"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 15:27
Severity ?
Summary
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38137 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en la extensi\u00f3n del servicio PSM de Windows Resource Manager"
}
],
"id": "CVE-2024-38137",
"lastModified": "2024-08-16T15:27:09.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:17.230",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38137"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2024-11-21 09:08
Severity ?
Summary
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31EAEF01-DD3A-4DDC-8D12-2AE71CADD6BD",
"versionEndExcluding": "10.0.20348.2458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador de banda ancha de Windows Mobile"
}
],
"id": "CVE-2024-29998",
"lastModified": "2024-11-21T09:08:46.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:23.233",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:13
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-26189",
"lastModified": "2025-01-08T16:13:57.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:37.170",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-09 16:44
Severity ?
Summary
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26687 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:universal:*:*",
"matchCriteriaId": "33744D2E-67B8-4BC9-A5BB-4D4C02A403E3",
"versionEndExcluding": "16.0.14326.22331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2B4E844F-72B0-4B50-A740-70E553F20A4E",
"versionEndExcluding": "16.0.18730.20000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network."
},
{
"lang": "es",
"value": "Use after free en Windows Win32K: GRFX permite que un atacante no autorizado eleve privilegios en una red."
}
],
"id": "CVE-2025-26687",
"lastModified": "2025-07-09T16:44:36.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:53.383",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26687"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Filtering Platform Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38034 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38034 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Filtering Platform Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Filtering Platform"
}
],
"id": "CVE-2024-38034",
"lastModified": "2024-11-21T09:24:45.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:31.423",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38034"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:44
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-26179",
"lastModified": "2025-01-08T16:44:57.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:36.543",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 13:32
Severity ?
Summary
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38135 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del sistema de archivos resistente de Windows (ReFS)"
}
],
"id": "CVE-2024-38135",
"lastModified": "2024-08-16T13:32:49.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:16.777",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38135"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 20:18
Severity ?
Summary
Windows Graphics Component Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43509 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98DDF28-F8D4-4F42-ACE0-ED41C3628A8D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Graphics Component Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en componentes gr\u00e1ficos de Windows"
}
],
"id": "CVE-2024-43509",
"lastModified": "2024-10-17T20:18:45.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:13.073",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43509"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Line Printer Daemon Service Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38027 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38027 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Line Printer Daemon Service Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio daemon de Windows Line Printer"
}
],
"id": "CVE-2024-38027",
"lastModified": "2024-11-21T09:24:44.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:29.400",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38027"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21360 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21360 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21360",
"lastModified": "2024-11-21T08:54:11.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:52.887",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21360"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 20:02
Severity ?
Summary
Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43515 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98DDF28-F8D4-4F42-ACE0-ED41C3628A8D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en la interfaz de sistemas inform\u00e1ticos peque\u00f1os de Internet (iSCSI)"
}
],
"id": "CVE-2024-43515",
"lastModified": "2024-10-17T20:02:28.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:14.130",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43515"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:16
Modified
2025-07-08 17:09
Severity ?
Summary
Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27731 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en OpenSSH para Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-27731",
"lastModified": "2025-07-08T17:09:36.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:16:01.163",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27731"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 18:37
Severity ?
Summary
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43525 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el controlador de banda ancha de Windows Mobile"
}
],
"id": "CVE-2024-43525",
"lastModified": "2024-10-17T18:37:25.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:16.220",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43525"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:54
Severity ?
Summary
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38114 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows IP Routing Management Snapin Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del complemento de administraci\u00f3n de enrutamiento IP de Windows"
}
],
"id": "CVE-2024-38114",
"lastModified": "2024-08-16T20:54:28.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:11.820",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38114"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 20:02
Severity ?
Summary
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43517 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98DDF28-F8D4-4F42-ACE0-ED41C3628A8D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft ActiveX Data Objects Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en objetos de datos de Microsoft ActiveX"
}
],
"id": "CVE-2024-43517",
"lastModified": "2024-10-17T20:02:38.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:14.540",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43517"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:16
Modified
2025-01-17 15:36
Severity ?
Summary
Microsoft Brokering File System Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21372 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Brokering File System Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Brokering File System"
}
],
"id": "CVE-2025-21372",
"lastModified": "2025-01-17T15:36:24.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:16:02.813",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21372"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21339 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21339 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "97FA2666-D83E-4645-AB34-B17DD82A705B",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9EF5A993-EF3B-4BE1-8325-62354DD7A7E7",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1957C71A-2CE0-4173-8BB6-0BE0E93E9BCC",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Generic Parent Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador principal gen\u00e9rico USB de Windows"
}
],
"id": "CVE-2024-21339",
"lastModified": "2024-11-21T08:54:08.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:49.267",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21339"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2024-11-18 22:20
Severity ?
Summary
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43638 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "94D57126-EC8D-4898-A5FE-D7EB6463B634",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "54AA8A1F-0EAD-406A-A4AF-B86C316D1089",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "86F8F1B2-C206-4CD6-83C6-C450329CEE10",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FCBE6103-075E-4841-836D-4E0D630E99FF",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E3AC46-9D0D-4381-93EE-FE87C212040A",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el controlador del sistema de clase de v\u00eddeo USB de Windows"
}
],
"id": "CVE-2024-43638",
"lastModified": "2024-11-18T22:20:47.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-11-12T18:15:33.013",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43638"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2024-11-21 09:11
Severity ?
Summary
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31EAEF01-DD3A-4DDC-8D12-2AE71CADD6BD",
"versionEndExcluding": "10.0.20348.2458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador de banda ancha de Windows Mobile"
}
],
"id": "CVE-2024-30000",
"lastModified": "2024-11-21T09:11:01.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:26.977",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-15 20:10
Severity ?
Summary
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2025-02-04",
"cisaExploitAdd": "2025-01-14",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C4AF6108-E473-4695-B5AE-A4449A7A6E22",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "146C68DB-CB79-4CCA-BCCF-DDB7E6B543DC",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A9DDB80C-CA0E-4BF2-AB22-5240DFD39D1B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8092B56B-2B8D-43F0-8509-98788A8C26D8",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "2C70BB15-A938-4882-89FA-A865F308AA3B",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB980EBB-388D-4D0B-8154-C15EC4E77757",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A491D1F2-50EF-4B26-8FA0-70484BD32E7A",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F187E54E-E615-444B-96C2-47222438B893",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Hyper-V NT Kernel Integration VSP"
}
],
"id": "CVE-2025-21334",
"lastModified": "2025-01-15T20:10:39.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:58.770",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21334"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-22 19:33
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-38261",
"lastModified": "2024-10-22T19:33:29.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:08.367",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 17:16
Severity ?
Summary
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43544 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del protocolo de inscripci\u00f3n de certificados simples de Microsoft"
}
],
"id": "CVE-2024-43544",
"lastModified": "2024-10-17T17:16:51.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:19.487",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43544"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-22 12:54
Severity ?
Summary
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38262 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de licencias de escritorio remoto de Windows"
}
],
"id": "CVE-2024-38262",
"lastModified": "2024-10-22T12:54:48.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:08.593",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38262"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-21 19:58
Severity ?
Summary
Windows Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Installer Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Installer"
}
],
"id": "CVE-2025-21331",
"lastModified": "2025-01-21T19:58:20.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:58.120",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servicio Windows Remote Desktop Licensing"
}
],
"id": "CVE-2024-38077",
"lastModified": "2024-11-21T09:24:51.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:42.430",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:27
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Windows DNS Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor DNS de Windows"
}
],
"id": "CVE-2024-26224",
"lastModified": "2025-01-08T16:27:06.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:42.040",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:04
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-28897",
"lastModified": "2025-01-08T16:04:12.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:48.080",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28897"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2024-12-06 15:37
Severity ?
Summary
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servicio del subsistema de la autoridad de seguridad local de Microsoft"
}
],
"id": "CVE-2024-26209",
"lastModified": "2024-12-06T15:37:15.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:39.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26209"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:47
Severity ?
Summary
Windows COM Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21288 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows COM Server Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Windows COM Server"
}
],
"id": "CVE-2025-21288",
"lastModified": "2025-01-24T21:47:07.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:50.173",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21288"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-08 02:15
Modified
2025-04-16 16:15
Severity ?
Summary
Summary
Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.
Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.
If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.
Details
A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.
Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.
If there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4AE761-6FAC-4000-A63D-42CE3FAB8412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4793BFB-2E4E-4067-87A5-4B8749025CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D329B2-432D-4029-87EB-4C3C5F55CD95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Summary\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.\nDetails\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202"
},
{
"lang": "es",
"value": "Resumen: Se notific\u00f3 a Microsoft que existe una vulnerabilidad de elevaci\u00f3n de privilegios en Copias de seguridad de Windows, lo que podr\u00eda permitir que un atacante con privilegios de usuario b\u00e1sicos reintroduzca vulnerabilidades previamente mitigadas o eluda algunas caracter\u00edsticas de Seguridad basada en virtualizaci\u00f3n (VBS). Sin embargo, un atacante que intente aprovechar esta vulnerabilidad requiere interacci\u00f3n adicional por parte de un usuario privilegiado para tener \u00e9xito. Microsoft est\u00e1 desarrollando una actualizaci\u00f3n de seguridad para mitigar esta amenaza, pero a\u00fan no est\u00e1 disponible. En la secci\u00f3n acciones recomendadas de este CVE se proporciona orientaci\u00f3n para ayudar a los clientes a reducir los riesgos asociados con esta vulnerabilidad y proteger sus sistemas hasta que la mitigaci\u00f3n est\u00e9 disponible en una actualizaci\u00f3n de seguridad de Windows. Este CVE se actualizar\u00e1 y se notificar\u00e1 a los clientes cuando la mitigaci\u00f3n oficial est\u00e9 disponible en una actualizaci\u00f3n de seguridad de Windows. Recomendamos encarecidamente a los clientes que se suscriban a las notificaciones de la Gu\u00eda de actualizaci\u00f3n de seguridad para recibir una alerta cuando se produzca esta actualizaci\u00f3n. Detalles Un investigador de seguridad inform\u00f3 a Microsoft sobre una vulnerabilidad de elevaci\u00f3n de privilegios en Windows Backup que podr\u00eda permitir a un atacante con privilegios de usuario b\u00e1sicos reintroducir vulnerabilidades previamente mitigadas o eludir algunas caracter\u00edsticas de VBS. Para que la explotaci\u00f3n tenga \u00e9xito, un atacante debe enga\u00f1ar o convencer a un administrador o usuario con permisos delegados para que realice una restauraci\u00f3n del sistema, lo que inadvertidamente desencadena la vulnerabilidad. Microsoft est\u00e1 desarrollando una actualizaci\u00f3n de seguridad que mitigar\u00e1 esta vulnerabilidad, pero a\u00fan no est\u00e1 disponible. Este CVE se actualizar\u00e1 con nueva informaci\u00f3n y enlaces a las actualizaciones de seguridad una vez que est\u00e9n disponibles. Recomendamos encarecidamente a los clientes que se suscriban a las notificaciones de la Gu\u00eda de actualizaciones de seguridad para recibir alertas sobre las actualizaciones. Consulte la Gu\u00eda de actualizaciones de seguridad y notificaciones t\u00e9cnicas de seguridad de Microsoft. Noticias del sistema de notificaciones: cree su perfil ahora: Centro de respuestas de seguridad de Microsoft. Microsoft no tiene conocimiento de ning\u00fan intento de aprovechar esta vulnerabilidad. Sin embargo, el 7 de agosto de 2024 se realiz\u00f3 una presentaci\u00f3n p\u00fablica sobre esta vulnerabilidad en BlackHat. La presentaci\u00f3n se coordin\u00f3 adecuadamente con Microsoft, pero puede cambiar el panorama de amenazas. Los clientes preocupados por estos riesgos deben consultar la gu\u00eda proporcionada en la secci\u00f3n Acciones recomendadas para proteger sus sistemas. Acciones recomendadas Las siguientes recomendaciones no mitigan la vulnerabilidad, pero pueden usarse para reducir el riesgo de explotaci\u00f3n hasta que la actualizaci\u00f3n de seguridad est\u00e9 disponible. Audite a los usuarios con permiso para realizar operaciones de copia de seguridad y restauraci\u00f3n para garantizar que solo los usuarios adecuados puedan realizar estas operaciones. Auditor\u00eda: Audite el uso del privilegio de Copia de seguridad y restauraci\u00f3n (Windows 10) - Windows 10 | Microsoft Learn Implemente una lista de control de acceso o listas de control de acceso discrecionales para restringir el acceso o la modificaci\u00f3n de los archivos de copia de seguridad y realizar operaciones de restauraci\u00f3n para los usuarios adecuados, por ejemplo, solo administradores. Descripci\u00f3n general del control de acceso | Listas de control de acceso discrecional (DACL) de Microsoft Learn La auditor\u00eda de los privilegios confidenciales utilizados para identificar el acceso, la modificaci\u00f3n o el reemplazo de archivos relacionados con la copia de seguridad podr\u00eda ayudar a indicar intentos de aprovechar esta vulnerabilidad. Auditar el uso de privilegios confidenciales - Windows 10 | Microsoft aprende"
}
],
"id": "CVE-2024-38202",
"lastModified": "2025-04-16T16:15:28.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-08T02:15:38.180",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2024-38202-potential-elevation-of-privilege-vulnerability-in-windows-backup-detection-script"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2024-38202-potential-elevation-of-privilege-vulnerability-in-windows-backup-mitigation-script"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:16
Modified
2025-01-09 13:41
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Windows Hyper-V Denial of Service Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7400FF15-17AF-402C-9FEB-BFBCEB49F6FB",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29AF2660-C069-4B3C-A20A-F70018798E8A",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B39E1DA0-0115-4BD0-B714-3F2A6EFB9B88",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Hyper-V"
}
],
"id": "CVE-2024-29064",
"lastModified": "2025-01-09T13:41:45.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:16:00.343",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29064"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-130"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-27 17:48
Severity ?
Summary
Windows Kernel Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9C29C6-636E-4023-88E0-8A8C4DDD3FA4",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del kernel de Windows"
}
],
"id": "CVE-2024-26177",
"lastModified": "2024-12-27T17:48:45.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:57.033",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26177"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:16
Modified
2025-01-17 15:39
Severity ?
Summary
Windows CSC Service Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows CSC Service Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servicio Windows CSC"
}
],
"id": "CVE-2025-21374",
"lastModified": "2025-01-17T15:39:11.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:16:03.003",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21374"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:18
Severity ?
Summary
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29837 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Windows Installer allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La resoluci\u00f3n incorrecta de un enlace antes del acceso al archivo (\u0027seguimiento de enlace\u0027) en Windows Installer permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-29837",
"lastModified": "2025-05-19T18:18:32.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:54.233",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29837"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-14 18:17
Severity ?
Summary
Windows OLE Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38152 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows OLE Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo OLE de Windows"
}
],
"id": "CVE-2024-38152",
"lastModified": "2024-08-14T18:17:42.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:20.380",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38152"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:53
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21243 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21243",
"lastModified": "2025-01-24T21:53:48.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:40.180",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21243"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1648C361-E25C-42FE-8543-03DE56100201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA1CCA3D-299D-4BCD-8565-98083C40525C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979081E3-FB60-43E0-BF86-ED301E7EF25C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7487B8-BE4D-4707-9E20-39840A260831",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D0AB10-CD2F-4500-A4D6-CC2BA724036C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB5C848-9883-4FE0-9A6B-B7B52E704AC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50D643A0-5F16-4D63-BF83-19DF8F93AE25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0241B0-855A-489C-9AAE-68BC2556F24D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B822942-B429-406C-A13A-A2379AA952CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1233A609-9772-490F-80F5-8AA750BF25CE",
"versionEndExcluding": "6.0.32",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF1832B-95B7-4253-92EC-0912987D8C42",
"versionEndExcluding": "17.4.21",
"versionStartIncluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB946EB4-95CC-42FC-9D47-445D7E1C3E38",
"versionEndExcluding": "17.6.17",
"versionStartIncluding": "17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65299FC5-169B-4642-B961-647EEE2DA0BD",
"versionEndExcluding": "17.8.12",
"versionStartIncluding": "17.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D00F295B-6ECF-43C4-BD71-98F835CCDB0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2A7014-8078-4C40-91E3-ACA60A98AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E76DC-838A-46D7-BC09-E2C149699050",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en .NET, .NET Framework y Visual Studio"
}
],
"id": "CVE-2024-38081",
"lastModified": "2024-11-21T09:24:51.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:43.750",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-02 15:05
Severity ?
Summary
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24066 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E25C5E4-77D3-4A18-B08B-B157E336218F",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84168D48-1F68-4590-98BB-E926339D1A01",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF468977-7A8C-4234-B244-FA75CB6A124E",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1438B9AF-92B2-439B-8656-C87B8F8E30A5",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en los controladores de modo kernel de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-24066",
"lastModified": "2025-07-02T15:05:31.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:29.223",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24066"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 21:06
Severity ?
Summary
Windows Common Log File System Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43501 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del sistema de archivos de registro com\u00fan de Windows"
}
],
"id": "CVE-2024-43501",
"lastModified": "2024-10-17T21:06:07.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:11.670",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43501"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:16
Modified
2025-07-10 15:44
Severity ?
Summary
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27736 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Windows Power Dependency Coordinator permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-27736",
"lastModified": "2025-07-10T15:44:50.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:16:01.913",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27736"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 18:15
Modified
2024-11-21 08:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Windows Hyper-V Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36408 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36408 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C3EB2B6-8A7D-48D0-8FBD-EDD32A02B0A8",
"versionEndExcluding": "10.0.14393.6452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "455A430D-8451-4B60-8496-E0A0CE27EDE3",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "058883C8-393C-4B21-860B-A49BAB8E56B6",
"versionEndExcluding": "10.0.19041.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487",
"versionEndExcluding": "10.0.22000.2600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451",
"versionEndExcluding": "10.0.22631.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A",
"versionEndExcluding": "10.0.25398.531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Windows Hyper-V."
}
],
"id": "CVE-2023-36408",
"lastModified": "2024-11-21T08:09:41.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T18:15:43.680",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36408"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37975 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37975 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-37975",
"lastModified": "2024-11-21T09:24:37.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:24.470",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37975"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Windows MultiPoint Services Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30013 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30013 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows MultiPoint Services Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Windows MultiPoint Services"
}
],
"id": "CVE-2024-30013",
"lastModified": "2024-11-21T09:11:03.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:15.660",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30013"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 16:41
Severity ?
Summary
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38118 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servidor de la Autoridad de seguridad local (LSA) de Microsoft"
}
],
"id": "CVE-2024-38118",
"lastModified": "2024-08-16T16:41:04.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:12.817",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38118"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-11-29 20:49
Severity ?
Summary
Windows Kerberos Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kerberos Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad Kerberos de Windows"
}
],
"id": "CVE-2024-21427",
"lastModified": "2024-11-29T20:49:42.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:51.233",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Imaging Component Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Imaging Component Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Windows Imaging Component"
}
],
"id": "CVE-2024-38060",
"lastModified": "2024-11-21T09:24:48.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:37.440",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38060"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-05 03:25
Severity ?
Summary
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBF7292-731F-493E-BF30-C8561ACFE379",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F08760C-CF31-4507-8CBD-21A2FEAE478C",
"versionEndExcluding": "10.0.20348.2333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en archivos de sistema de clase SCSI de Microsoft Windows"
}
],
"id": "CVE-2024-21434",
"lastModified": "2024-12-05T03:25:12.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:52.220",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-23 00:15
Modified
2025-02-05 02:00
Severity ?
Summary
.NET Framework Information Disclosure Vulnerability
References
Impacted products
{
"cisaActionDue": "2025-02-25",
"cisaExploitAdd": "2025-02-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft .NET Framework Information Disclosure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4AE761-6FAC-4000-A63D-42CE3FAB8412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F513002-D8C1-4D3A-9F79-4B52498F67E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8DC08D-A860-493A-8AA6-1AD4A0A511AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4AE761-6FAC-4000-A63D-42CE3FAB8412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4793BFB-2E4E-4067-87A5-4B8749025CA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D329B2-432D-4029-87EB-4C3C5F55CD95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET Framework Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de .NET Framework"
}
],
"id": "CVE-2024-29059",
"lastModified": "2025-02-05T02:00:01.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-23T00:15:09.150",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 21:48
Severity ?
Summary
Remote Desktop Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43533 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "667C418E-FC6F-461C-B4F8-CC4E8530EA38",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote Desktop Client Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el cliente de escritorio remoto"
}
],
"id": "CVE-2024-43533",
"lastModified": "2024-10-16T21:48:30.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:17.437",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43533"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2024-11-18 22:15
Severity ?
Summary
Windows Client-Side Caching Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43644 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "94D57126-EC8D-4898-A5FE-D7EB6463B634",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "54AA8A1F-0EAD-406A-A4AF-B86C316D1089",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "86F8F1B2-C206-4CD6-83C6-C450329CEE10",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FCBE6103-075E-4841-836D-4E0D630E99FF",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E3AC46-9D0D-4381-93EE-FE87C212040A",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Client-Side Caching Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el almacenamiento en cach\u00e9 del lado del cliente de Windows"
}
],
"id": "CVE-2024-43644",
"lastModified": "2024-11-18T22:15:46.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-11-12T18:15:34.643",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43644"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-14 17:54
Severity ?
Summary
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Protocolo ligero de acceso a directorios (LDAP) de Windows"
}
],
"id": "CVE-2024-49112",
"lastModified": "2025-01-14T17:54:51.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:37.453",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 15:25
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38133 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows"
}
],
"id": "CVE-2024-38133",
"lastModified": "2024-08-16T15:25:05.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:16.307",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-138"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37974 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37974 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-37974",
"lastModified": "2024-11-21T09:24:36.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:24.250",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37974"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:21
Modified
2025-07-10 15:00
Severity ?
Summary
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24069 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FCC2974E-F0F4-4F33-9CCE-2CEA45A3AD86",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A94EDBE2-AAFF-4E9A-A9E5-9B02ADB94471",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA78F5F9-AEE3-423B-B82A-9ECEF2BDADF3",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el Proveedor de administraci\u00f3n de almacenamiento de Windows permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-24069",
"lastModified": "2025-07-10T15:00:40.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:21:14.257",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24069"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 18:15
Modified
2024-11-21 08:10
Severity ?
Summary
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412DCA62-8009-40C3-B76C-F3791104F0C8",
"versionEndExcluding": "10.0.17763.5206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8412B39-CCB2-4FF5-B656-43C9EBF48E39",
"versionEndExcluding": "10.0.19041.3803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E6692-980B-435A-B9F3-AA00939E8D97",
"versionEndExcluding": "10.0.19045.3803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6",
"versionEndExcluding": "10.0.22000.2652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6",
"versionEndExcluding": "10.0.22621.2861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED",
"versionEndExcluding": "10.0.22631.2861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7",
"versionEndExcluding": "10.0.25398.584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del minifiltro de archivos en la nube de Windows"
}
],
"id": "CVE-2023-36696",
"lastModified": "2024-11-21T08:10:23.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2023-12-12T18:15:22.690",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:33
Severity ?
Summary
Win32k Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38246 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6FBDC450-FB5A-469C-8D38-9586CE5A6F48",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k"
}
],
"id": "CVE-2024-38246",
"lastModified": "2024-09-17T16:33:20.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:29.390",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38246"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 18:55
Severity ?
Summary
Windows Telephony Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43518 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98DDF28-F8D4-4F42-ACE0-ED41C3628A8D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servidor de telefon\u00eda de Windows"
}
],
"id": "CVE-2024-43518",
"lastModified": "2024-10-17T18:55:19.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:14.770",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43518"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:31
Severity ?
Summary
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el servicio de red de \u00e1rea amplia inal\u00e1mbrico (WwanSvc)"
}
],
"id": "CVE-2024-49094",
"lastModified": "2025-01-08T12:31:41.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:34.920",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-09 14:24
Severity ?
Summary
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26674 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Windows Media permite que un atacante autorizado ejecute c\u00f3digo localmente."
}
],
"id": "CVE-2025-26674",
"lastModified": "2025-07-09T14:24:32.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:51.553",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26674"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:43
Severity ?
Summary
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows IP Routing Management Snapin Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el complemento de administraci\u00f3n de enrutamiento IP de Windows"
}
],
"id": "CVE-2024-49080",
"lastModified": "2025-01-08T12:43:19.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:32.427",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:54
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21250",
"lastModified": "2025-01-24T21:54:48.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:42.593",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-08 15:44
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-30014",
"lastModified": "2025-01-08T15:44:31.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:44.540",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30014"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:26
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el kernel de Windows"
}
],
"id": "CVE-2024-49084",
"lastModified": "2025-01-08T12:26:35.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:33.077",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:50
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21306 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21306",
"lastModified": "2025-01-24T21:50:18.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:53.630",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21306"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38010 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38010 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-38010",
"lastModified": "2024-11-21T09:24:41.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:26.497",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38010"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-130"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 18:39
Severity ?
Summary
Windows Hyper-V Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43521 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Windows Hyper-V"
}
],
"id": "CVE-2024-43521",
"lastModified": "2024-10-17T18:39:36.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:15.393",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43521"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-253"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 15:55
Severity ?
Summary
Windows Telephony Server Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Server Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servidor de telefon\u00eda de Windows"
}
],
"id": "CVE-2024-26239",
"lastModified": "2025-01-08T15:55:35.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:44.660",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-08 15:45
Severity ?
Summary
Windows Cryptographic Services Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Cryptographic Services Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de servicios criptogr\u00e1ficos de Windows"
}
],
"id": "CVE-2024-30016",
"lastModified": "2025-01-08T15:45:16.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:46.970",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30016"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-11 18:15
Modified
2025-02-26 16:39
Severity ?
Summary
Windows Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B692D57-D1F5-440E-AC28-C7633740ED6E",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "44723F8C-6B56-4A27-B213-E822ADC16078",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
"versionEndExcluding": "10.0.19044.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
"versionEndExcluding": "10.0.19045.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
"versionEndExcluding": "10.0.22621.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
"versionEndExcluding": "10.0.22631.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
"versionEndExcluding": "10.0.20348.3207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27",
"versionEndExcluding": "10.0.25398.1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Installer Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Installer"
}
],
"id": "CVE-2025-21373",
"lastModified": "2025-02-26T16:39:22.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T18:15:35.740",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Message Queuing (MSMQ)"
}
],
"id": "CVE-2024-21405",
"lastModified": "2024-11-21T08:54:17.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:59.263",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-03 15:09
Severity ?
Summary
Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24997 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84168D48-1F68-4590-98BB-E926339D1A01",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally."
},
{
"lang": "es",
"value": "La desreferencia de puntero nulo en la memoria del kernel de Windows permite que un atacante autorizado deniegue el servicio localmente."
}
],
"id": "CVE-2025-24997",
"lastModified": "2025-07-03T15:09:25.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:37.103",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24997"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 21:51
Severity ?
Summary
Remote Registry Service Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43532 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote Registry Service Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el servicio de registro remoto"
}
],
"id": "CVE-2024-43532",
"lastModified": "2024-10-16T21:51:34.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:17.230",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43532"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-636"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-15 17:43
Severity ?
Summary
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del servicio Thunk WOW de transmisi\u00f3n del kernel"
}
],
"id": "CVE-2024-38134",
"lastModified": "2024-08-15T17:43:41.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:16.537",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 20:18
Severity ?
Summary
Windows Graphics Component Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43508 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Graphics Component Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del componente gr\u00e1fico de Windows"
}
],
"id": "CVE-2024-43508",
"lastModified": "2024-10-17T20:18:55.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:12.823",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43508"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 13:31
Severity ?
Summary
Windows Mobile Broadband Driver Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43559 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Broadband Driver Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del controlador de banda ancha de Windows Mobile"
}
],
"id": "CVE-2024-43559",
"lastModified": "2024-10-17T13:31:57.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:22.450",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43559"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38057 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38057 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Kernel Streaming WOW Thunk Service Driver"
}
],
"id": "CVE-2024-38057",
"lastModified": "2024-11-21T09:24:48.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:36.470",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38057"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 18:15
Modified
2024-11-21 08:08
Severity ?
Summary
Win32k Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC62CCFB-C4C4-4CD1-A291-9587375FE3C6",
"versionEndExcluding": "10.0.22000.2652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11093E57-782B-4049-AFB2-AAFCFB4A8FF6",
"versionEndExcluding": "10.0.22621.2861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E712F1D-26F9-4E19-B012-D7F0A92D59ED",
"versionEndExcluding": "10.0.22631.2861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E51B68-6AE4-4AF2-A7D3-7728E5D314D7",
"versionEndExcluding": "10.0.25398.584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k"
}
],
"id": "CVE-2023-35631",
"lastModified": "2024-11-21T08:08:24.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2023-12-12T18:15:18.360",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-27 17:28
Severity ?
Summary
Windows Kernel Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9C29C6-636E-4023-88E0-8A8C4DDD3FA4",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B238FBA9-4807-410A-8D08-4AAA7E2A2C64",
"versionEndExcluding": "6.2.9200.24768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231",
"versionEndExcluding": "10.0.20348.2340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del kernel de Windows"
}
],
"id": "CVE-2024-26174",
"lastModified": "2024-12-27T17:28:23.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:56.710",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26174"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-04-17 18:29
Severity ?
Summary
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
References
Impacted products
{
"cisaActionDue": "2025-04-01",
"cisaExploitAdd": "2025-03-11",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta en Microsoft Management Console permite que un atacante no autorizado eluda una funci\u00f3n de seguridad localmente."
}
],
"id": "CVE-2025-26633",
"lastModified": "2025-04-17T18:29:29.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-03-11T17:16:43.390",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-detection-script"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-mitigation-script"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-707"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21391 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21391 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21391",
"lastModified": "2024-11-21T08:54:15.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:57.073",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21391"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30068 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30068 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows"
}
],
"id": "CVE-2024-30068",
"lastModified": "2024-11-21T09:11:11.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:53.157",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30068"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-08 15:45
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-30015",
"lastModified": "2025-01-08T15:45:00.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:45.747",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:19
Severity ?
Summary
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29832 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el Servicio de enrutamiento y acceso remoto de Windows (RRAS) permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29832",
"lastModified": "2025-05-19T18:19:40.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:53.527",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29832"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:43
Severity ?
Summary
Windows Hyper-V Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38235 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ADD534CE-0B4C-43DB-A27C-AC67246D0A87",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E38D5738-DC17-4C50-B8BD-A847CDD772BB",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "DFD03C4F-D6EA-41B7-A7E1-EE0C11407EA2",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Windows Hyper-V"
}
],
"id": "CVE-2024-38235",
"lastModified": "2024-09-17T16:43:33.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:26.910",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38235"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:52
Severity ?
Summary
Windows Hyper-V Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20684 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20684 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Hyper-V"
}
],
"id": "CVE-2024-20684",
"lastModified": "2024-11-21T08:52:55.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:47.893",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20684"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:55
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38154 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-38154",
"lastModified": "2024-08-16T20:55:12.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:21.273",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38154"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 15:31
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38128 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-38128",
"lastModified": "2024-08-16T15:31:29.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:14.877",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38128"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-03 13:07
Severity ?
Summary
Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24062 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "350A5C83-A85B-4CC1-81C6-F36C1BE0687E",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AAB1352F-725F-427E-A3F3-73A48287D0C7",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "0A9C8BFA-DC5B-4E27-AEA1-0CF52B4FDF88",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1718BEDA-0AF8-4A6D-B053-AE746C7617C8",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "39A448D0-EB9F-42FE-85A2-A4AA88D4CEBD",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B1600DE-F4B9-456C-A42F-5E5CDB2D6DEF",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B42570D-5CFB-4620-8B06-B5752212709A",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA03AE1F-F78C-4864-A1B6-15846AAD4899",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en la librer\u00eda principal DWM de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-24062",
"lastModified": "2025-07-03T13:07:14.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:46.353",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24062"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6110E9B7-9AF4-4BB8-8E38-F2419A1E0B12",
"versionEndExcluding": "10.0.25398.531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "34FE251F-9F96-4C7A-9AE1-8040A2A98B42",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C43F35FF-BCFC-434A-A6D4-6EDEEEC91E94",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B2D24C54-F04F-4717-B614-FE67B3ED9DC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B0301BA0-81DB-4FC1-9BC3-EB48A56BC608",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "89BDD39C-EED5-418E-8734-23FD425F43E4",
"versionEndExcluding": "6.3.9600.21813",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "31793C00-933B-4CBB-9EAF-27AFF4C82CBE",
"versionEndExcluding": "10.0.14393.6452",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "51D2081C-CA6C-4F6F-8D29-FCCD64FAB4FC",
"versionEndExcluding": "6.2.9200.24710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "34FE251F-9F96-4C7A-9AE1-8040A2A98B42",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C43F35FF-BCFC-434A-A6D4-6EDEEEC91E94",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5EC3F68-8F41-4F6B-B2E5-920322A4A321",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "8E3C1327-F331-4448-A253-00EAC7428317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60637E9C-A03E-4E64-B559-D817CF8AA82C",
"versionEndExcluding": "10.0.10240.20308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8D2F0987-1200-46E8-B224-CD9E0AE33BD1",
"versionEndExcluding": "10.0.19043.3693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "61959ACC-B608-4556-92AF-4D94B338907A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D4ADA63C-F2DA-4770-9D22-6E0A5521A4CC",
"versionEndExcluding": "10.0.22000.2600",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C9D85511-1F11-4992-A183-0B6C78D5F8C2",
"versionEndExcluding": "6.2.9200.24569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "51D16F16-CDCD-48EE-B0A7-02DC0F2317E8",
"versionEndExcluding": "10.0.20348.2113",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "53FF14C4-9735-4A8B-8DDE-D1F852346200",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
"matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Defender para Endpoint Protection"
}
],
"id": "CVE-2024-21315",
"lastModified": "2024-11-21T08:54:05.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:48.403",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-13 15:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Windows Authentication Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38254 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C551E1F-A971-4AEE-8784-A6975D8E44D8",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA",
"versionEndExcluding": "10.0.19041.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DB3B2964-5BDD-4478-A13C-D1BF5F6E7E9D",
"versionEndIncluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9E54F7-0561-49F6-AAD1-B78FF99BBA44",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Authentication Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de autenticaci\u00f3n de Windows"
}
],
"id": "CVE-2024-38254",
"lastModified": "2024-09-13T15:16:48.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:31.143",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38254"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:15
Severity ?
Summary
DHCP Server Service Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servicio de servidor DHCP"
}
],
"id": "CVE-2024-26195",
"lastModified": "2025-01-08T16:15:12.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:37.773",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:42
Severity ?
Summary
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el enclave de seguridad basada en virtualizaci\u00f3n de Windows (VBS)"
}
],
"id": "CVE-2024-49076",
"lastModified": "2025-01-08T12:42:47.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:31.837",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:52
Severity ?
Summary
Win32k Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2022_23h2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k"
}
],
"id": "CVE-2024-20686",
"lastModified": "2024-11-21T08:52:55.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-01-09T18:15:51.827",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:54
Severity ?
Summary
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38141 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Controlador de funci\u00f3n auxiliar de Windows para la vulnerabilidad de elevaci\u00f3n de privilegios de WinSock"
}
],
"id": "CVE-2024-38141",
"lastModified": "2024-08-16T20:54:40.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:17.953",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38141"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Graphics Component Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Graphics Component Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Windows Graphics Component"
}
],
"id": "CVE-2024-38085",
"lastModified": "2024-11-21T09:24:52.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:44.080",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38085"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:20
Severity ?
Summary
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29829 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "El uso de un recurso no inicializado en el controlador de interfaz de tiempo de ejecuci\u00f3n confiable de Windows permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-29829",
"lastModified": "2025-05-19T18:20:40.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:52.967",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29829"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:41
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows"
}
],
"id": "CVE-2024-20693",
"lastModified": "2025-01-08T16:41:23.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:33.940",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-10 15:55
Severity ?
Summary
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26640 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "39A448D0-EB9F-42FE-85A2-A4AA88D4CEBD",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B1600DE-F4B9-456C-A42F-5E5CDB2D6DEF",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA03AE1F-F78C-4864-A1B6-15846AAD4899",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "Use after free en Windows Digital Media permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-26640",
"lastModified": "2025-07-10T15:55:18.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:47.817",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26640"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:29
Severity ?
Summary
Windows Common Log File System Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del sistema de archivos de registro com\u00fan de Windows"
}
],
"id": "CVE-2024-49088",
"lastModified": "2025-01-08T12:29:25.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:33.827",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:45
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21223 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21223",
"lastModified": "2025-01-27T18:45:59.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:33.947",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21223"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-08 15:47
Severity ?
Summary
NTFS Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTFS Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de NTFS"
}
],
"id": "CVE-2024-30027",
"lastModified": "2025-01-08T15:47:32.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:59.450",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30027"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2024-11-21 09:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Windows Storage Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Storage Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el almacenamiento de Windows"
}
],
"id": "CVE-2024-29052",
"lastModified": "2024-11-21T09:07:27.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-09T17:15:58.737",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2025-01-10 15:26
Severity ?
Summary
Windows Hyper-V Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de Windows Hyper-V"
}
],
"id": "CVE-2024-20659",
"lastModified": "2025-01-10T15:26:59.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:05.220",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-09 16:38
Severity ?
Summary
Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26665 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "El almacenamiento de datos confidenciales en una memoria bloqueada incorrectamente en Windows upnphost.dll permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-26665",
"lastModified": "2025-07-09T16:38:34.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:49.670",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26665"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-11-21 08:54
Severity ?
Summary
Windows Hyper-V Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F08760C-CF31-4507-8CBD-21A2FEAE478C",
"versionEndExcluding": "10.0.20348.2333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Hyper-V"
}
],
"id": "CVE-2024-21408",
"lastModified": "2024-11-21T08:54:18.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:50.127",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 21:47
Severity ?
Summary
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43528 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Secure Kernel Mode Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el modo kernel seguro de Windows"
}
],
"id": "CVE-2024-43528",
"lastModified": "2024-10-16T21:47:05.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:16.810",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43528"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:22
Modified
2025-07-10 16:03
Severity ?
Summary
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FCC2974E-F0F4-4F33-9CCE-2CEA45A3AD86",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A94EDBE2-AAFF-4E9A-A9E5-9B02ADB94471",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA78F5F9-AEE3-423B-B82A-9ECEF2BDADF3",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en el Servicio de enrutamiento y acceso remoto de Windows (RRAS) permite que un atacante autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-33064",
"lastModified": "2025-07-10T16:03:04.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:22:43.050",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2025-01-27 21:38
Severity ?
Summary
Windows Mark of the Web Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elastic.co/security-labs/dismantling-smart-app-control | Exploit, Third Party Advisory |
Impacted products
{
"cisaActionDue": "2024-10-01",
"cisaExploitAdd": "2024-09-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ADD534CE-0B4C-43DB-A27C-AC67246D0A87",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "23DBE62F-98CC-4F76-A841-BB20C5E8075F",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE18049-0E6D-4F64-9702-37D9B4A26A54",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9E54F7-0561-49F6-AAD1-B78FF99BBA44",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mark of the Web Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad Mark of the Web de Windows"
}
],
"id": "CVE-2024-38217",
"lastModified": "2025-01-27T21:38:34.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:24.640",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.elastic.co/security-labs/dismantling-smart-app-control"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-08 15:46
Severity ?
Summary
DHCP Server Service Denial of Service Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio del servidor DHCP"
}
],
"id": "CVE-2024-30019",
"lastModified": "2025-01-08T15:46:05.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:51.477",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30019"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30094 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30094 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-30094",
"lastModified": "2024-11-21T09:11:15.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:57.917",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30094"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 19:42
Severity ?
Summary
Windows Kernel-Mode Driver Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43554 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel-Mode Driver Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del controlador en modo kernel de Windows"
}
],
"id": "CVE-2024-43554",
"lastModified": "2024-10-17T19:42:24.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:21.400",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43554"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-02 15:55
Severity ?
Summary
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84168D48-1F68-4590-98BB-E926339D1A01",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF468977-7A8C-4234-B244-FA75CB6A124E",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9485A904-335B-406F-AED9-63489CB2BB26",
"versionEndExcluding": "6.2.9200.25368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2569319C-B855-466E-B4A5-D5774DBBD516",
"versionEndExcluding": "10.0.20348.3328",
"versionStartExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1438B9AF-92B2-439B-8656-C87B8F8E30A5",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el controlador de video USB de Windows permite que un atacante autorizado divulgue informaci\u00f3n con un ataque f\u00edsico."
}
],
"id": "CVE-2025-24055",
"lastModified": "2025-07-02T15:55:15.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:27.887",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-27 17:52
Severity ?
Summary
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del controlador del minifiltro de archivos en la nube de Windows"
}
],
"id": "CVE-2024-26160",
"lastModified": "2024-12-27T17:52:38.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:55.070",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26160"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-24 21:53
Severity ?
Summary
Windows Kerberos Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21242 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kerberos Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Kerberos en Windows"
}
],
"id": "CVE-2025-21242",
"lastModified": "2025-01-24T21:53:39.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:39.867",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21242"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-10 15:57
Severity ?
Summary
Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26647 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Windows Kerberos permite que un atacante no autorizado eleve privilegios en una red."
}
],
"id": "CVE-2025-26647",
"lastModified": "2025-07-10T15:57:36.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:48.510",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26647"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:22
Modified
2025-07-08 16:22
Severity ?
Summary
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33061 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA78F5F9-AEE3-423B-B82A-9ECEF2BDADF3",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el Proveedor de administraci\u00f3n de almacenamiento de Windows permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-33061",
"lastModified": "2025-07-08T16:22:14.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:22:35.353",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33061"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-06 14:33
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
BitLocker Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BitLocker Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad de BitLocker"
}
],
"id": "CVE-2024-20665",
"lastModified": "2025-01-06T14:33:29.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:32.413",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20665"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-08 19:14
Severity ?
Summary
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27482 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El almacenamiento de datos confidenciales en una memoria bloqueada incorrectamente en el Servicio de puerta de enlace de Escritorio remoto permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-27482",
"lastModified": "2025-07-08T19:14:37.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:58.773",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27482"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-04-03 20:58
Severity ?
Summary
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"cisaActionDue": "2025-02-04",
"cisaExploitAdd": "2025-01-14",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C4AF6108-E473-4695-B5AE-A4449A7A6E22",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "146C68DB-CB79-4CCA-BCCF-DDB7E6B543DC",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "79F031F0-7E96-4361-9E73-1617F5C51A5D",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB980EBB-388D-4D0B-8154-C15EC4E77757",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B315E632-8658-4CD5-972B-892C1CC738A3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Hyper-V NT Kernel Integration VSP"
}
],
"id": "CVE-2025-21333",
"lastModified": "2025-04-03T20:58:48.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:58.530",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-detection-script"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-mitigation-script"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:31
Severity ?
Summary
Windows CSC Service Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows CSC Service Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servicio CSC de Windows"
}
],
"id": "CVE-2024-26229",
"lastModified": "2025-01-08T16:31:52.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:42.823",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:17
Severity ?
Summary
DHCP Server Service Denial of Service Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio del servidor DHCP"
}
],
"id": "CVE-2024-26215",
"lastModified": "2025-01-08T16:17:13.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:40.240",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:50
Severity ?
Summary
Windows HTML Platforms Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21269 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows HTML Platforms Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de funciones de seguridad en Windows HTML Platforms"
}
],
"id": "CVE-2025-21269",
"lastModified": "2025-01-27T18:50:21.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:46.290",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21269"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-41"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
PowerShell Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38047 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38047 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerShell Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de PowerShell"
}
],
"id": "CVE-2024-38047",
"lastModified": "2024-11-21T09:24:46.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:32.853",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38047"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 17:50
Severity ?
Summary
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43541 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del protocolo de inscripci\u00f3n de certificados simples de Microsoft"
}
],
"id": "CVE-2024-43541",
"lastModified": "2024-10-17T17:50:26.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:18.857",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43541"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Windows DNS Client Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6045E4CB-E5B8-4638-882C-BAD4C208A91B",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Client Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del cliente DNS de Windows"
}
],
"id": "CVE-2024-21342",
"lastModified": "2024-11-21T08:54:08.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:49.803",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:54
Severity ?
Summary
Windows TCP/IP Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows TCP/IP Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo TCP/IP de Windows"
}
],
"id": "CVE-2024-38063",
"lastModified": "2024-08-16T20:54:12.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:10.007",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-15 20:58
Severity ?
Summary
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38191 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E618C1D-665C-44E9-A319-9A845393E3CB",
"versionEndExcluding": "6.2.9200.24975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel Streaming Service Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del servicio de transmisi\u00f3n de kernel"
}
],
"id": "CVE-2024-38191",
"lastModified": "2024-08-15T20:58:12.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:27.977",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38191"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:29
Severity ?
Summary
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29842 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network."
},
{
"lang": "es",
"value": "La aceptaci\u00f3n de datos extra\u00f1os no confiables junto con datos confiables en UrlMon permite que un atacante no autorizado eluda una caracter\u00edstica de seguridad en una red."
}
],
"id": "CVE-2025-29842",
"lastModified": "2025-05-19T18:29:35.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:55.083",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29842"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-349"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2024-12-06 14:41
Severity ?
Summary
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador ODBC de Microsoft WDAC SQL Server"
}
],
"id": "CVE-2024-26214",
"lastModified": "2024-12-06T14:41:12.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:40.043",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 13:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37983 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de la interfaz de firmware extensible de reanudaci\u00f3n de Windows"
}
],
"id": "CVE-2024-37983",
"lastModified": "2024-10-16T13:15:20.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:06.520",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37983"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-03 17:14
Severity ?
Summary
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "749B3071-291A-456E-90D5-4B0061B40064",
"versionEndExcluding": "10.0.26100.3476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1426FF0-A402-4149-9F2B-0FA3CEB4BB5B",
"versionEndExcluding": "10.0.20348.3328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network."
},
{
"lang": "es",
"value": "El control externo del nombre o la ruta de archivo en Windows NTLM permite que un atacante no autorizado realice suplantaci\u00f3n de identidad a trav\u00e9s de una red."
}
],
"id": "CVE-2025-24996",
"lastModified": "2025-07-03T17:14:06.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:36.803",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24996"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 21:49
Severity ?
Summary
Windows Graphics Component Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43534 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Graphics Component Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del componente gr\u00e1fico de Windows"
}
],
"id": "CVE-2024-43534",
"lastModified": "2024-10-16T21:49:06.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:17.630",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43534"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 19:55
Severity ?
Summary
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43524 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el controlador de banda ancha de Windows Mobile"
}
],
"id": "CVE-2024-43524",
"lastModified": "2024-10-17T19:55:58.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:16.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43524"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-118"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-03-13 14:20
Severity ?
Summary
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991 | Vendor Advisory |
Impacted products
{
"cisaActionDue": "2025-04-01",
"cisaExploitAdd": "2025-03-11",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La lectura fuera de l\u00edmites en Windows NTFS permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-24991",
"lastModified": "2025-03-13T14:20:06.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-03-11T17:16:35.297",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-11-29 20:47
Severity ?
Summary
Windows Update Stack Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231",
"versionEndExcluding": "10.0.20348.2340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Update Stack Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de la pila de Windows Update"
}
],
"id": "CVE-2024-21432",
"lastModified": "2024-11-29T20:47:25.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:51.900",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-18 15:02
Severity ?
Summary
PowerShell Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38046 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89B89FB6-5A2C-4444-9D51-B5E46A506CA6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ADD534CE-0B4C-43DB-A27C-AC67246D0A87",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "23DBE62F-98CC-4F76-A841-BB20C5E8075F",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EC7AA96F-CE3B-4E76-8BE8-A33E0E09F724",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "273D661D-7A6D-476F-9143-EBDEDD938665",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A769F920-AB17-4C52-A416-744D91A2DE93",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6FBDC450-FB5A-469C-8D38-9586CE5A6F48",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "27B86605-6710-4BC8-99A4-73462A011192",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "24ABE040-A076-4A03-9847-B4D0C2CA5E97",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1943A041-87C3-404D-B09C-8E25E46A6E90",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4AC8FE5E-7E85-4520-BD68-3A9776948A5D",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "DFD03C4F-D6EA-41B7-A7E1-EE0C11407EA2",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerShell Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en PowerShell"
}
],
"id": "CVE-2024-38046",
"lastModified": "2024-09-18T15:02:15.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:21.640",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38046"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:16
Modified
2025-01-16 20:33
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21411 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "79F031F0-7E96-4361-9E73-1617F5C51A5D",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "BB980EBB-388D-4D0B-8154-C15EC4E77757",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Windows Telephony Service"
}
],
"id": "CVE-2025-21411",
"lastModified": "2025-01-16T20:33:43.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:16:04.860",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21411"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:22
Modified
2025-07-08 16:19
Severity ?
Summary
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FCC2974E-F0F4-4F33-9CCE-2CEA45A3AD86",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A94EDBE2-AAFF-4E9A-A9E5-9B02ADB94471",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA78F5F9-AEE3-423B-B82A-9ECEF2BDADF3",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el Proveedor de administraci\u00f3n de almacenamiento de Windows permite que un atacante autorizado divulgue informaci\u00f3n localmente."
}
],
"id": "CVE-2025-32719",
"lastModified": "2025-07-08T16:19:14.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:22:00.110",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32719"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-11-21 09:25
Severity ?
Summary
Microsoft AllJoyn API Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C551E1F-A971-4AEE-8784-A6975D8E44D8",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA",
"versionEndExcluding": "10.0.19041.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C582B2CD-0EFD-461E-9D3F-F74256E4526B",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft AllJoyn API Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de la API AllJoyn de Microsoft"
}
],
"id": "CVE-2024-38257",
"lastModified": "2024-11-21T09:25:10.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:31.567",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1980"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-10 15:38
Severity ?
Summary
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26663 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "Use after free en Windows LDAP: el protocolo ligero de acceso a directorios permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-26663",
"lastModified": "2025-07-10T15:38:00.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:49.337",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26663"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 19:55
Severity ?
Summary
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43545 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servidor del protocolo de estado de certificado en l\u00ednea (OCSP) de Windows"
}
],
"id": "CVE-2024-43545",
"lastModified": "2024-10-17T19:55:41.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:19.690",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43545"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
PowerShell Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38043 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38043 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PowerShell Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de PowerShell"
}
],
"id": "CVE-2024-38043",
"lastModified": "2024-11-21T09:24:46.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:32.167",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38043"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:40
Severity ?
Summary
Windows BitLocker Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21214 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows BitLocker Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de BitLocker en Windows"
}
],
"id": "CVE-2025-21214",
"lastModified": "2025-01-27T18:40:22.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:32.777",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21214"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Microsoft WS-Discovery Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38091 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38091 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WS-Discovery Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Microsoft WS-Discovery"
}
],
"id": "CVE-2024-38091",
"lastModified": "2024-11-21T09:24:53.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:45.380",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38091"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-166"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 15:53
Severity ?
Summary
Windows Update Stack Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Update Stack Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de la pila de Windows Update"
}
],
"id": "CVE-2024-26236",
"lastModified": "2025-01-08T15:53:19.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:44.230",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-11 18:15
Modified
2025-02-26 17:01
Severity ?
Summary
Microsoft Digest Authentication Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21368 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B692D57-D1F5-440E-AC28-C7633740ED6E",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "44723F8C-6B56-4A27-B213-E822ADC16078",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
"versionEndExcluding": "10.0.19044.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
"versionEndExcluding": "10.0.19045.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
"versionEndExcluding": "10.0.22621.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
"versionEndExcluding": "10.0.22631.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
"versionEndExcluding": "10.0.20348.3207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27",
"versionEndExcluding": "10.0.25398.1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Digest Authentication Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la autenticaci\u00f3n de Microsoft Digest"
}
],
"id": "CVE-2025-21368",
"lastModified": "2025-02-26T17:01:12.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T18:15:35.123",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21368"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:48
Severity ?
Summary
Windows Digital Media Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21260 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Digital Media Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Digital Media"
}
],
"id": "CVE-2025-21260",
"lastModified": "2025-01-27T18:48:49.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:44.927",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21260"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21369 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21369 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21369",
"lastModified": "2024-11-21T08:54:13.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:54.447",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21369"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21359 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21359 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21359",
"lastModified": "2024-11-21T08:54:11.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:52.710",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21359"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-27 17:27
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231",
"versionEndExcluding": "10.0.20348.2340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows"
}
],
"id": "CVE-2024-26173",
"lastModified": "2024-12-27T17:27:57.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:56.543",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26173"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-09 14:11
Severity ?
Summary
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26671 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "Use after free en los Servicios de Escritorio remoto de Windows permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-26671",
"lastModified": "2025-07-09T14:11:44.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:51.003",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26671"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:44
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-26175",
"lastModified": "2025-01-08T16:44:43.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:36.327",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38015 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38015 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Remote Desktop Gateway (RD Gateway)"
}
],
"id": "CVE-2024-38015",
"lastModified": "2024-11-21T09:24:43.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:27.290",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38015"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-03-13 14:21
Severity ?
Summary
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993 | Vendor Advisory |
Impacted products
{
"cisaActionDue": "2025-04-01",
"cisaExploitAdd": "2025-03-11",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Windows NTFS permite que un atacante no autorizado ejecute c\u00f3digo localmente."
}
],
"id": "CVE-2025-24993",
"lastModified": "2025-03-13T14:21:58.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-03-11T17:16:35.797",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:22
Modified
2025-07-08 15:03
Severity ?
Summary
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33071 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "Use After Free en el servicio proxy KDC de Windows (KPSSVC) permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-33071",
"lastModified": "2025-07-08T15:03:09.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:22:59.847",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33071"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-10 15:52
Severity ?
Summary
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21197 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn\u0027t have permission to list content."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en Windows NTFS permite que un atacante autorizado divulgue informaci\u00f3n de la ruta de un archivo en una carpeta donde el atacante no tiene permiso para enumerar el contenido."
}
],
"id": "CVE-2025-21197",
"lastModified": "2025-07-10T15:52:05.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:45.020",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21197"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-08 19:13
Severity ?
Summary
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27480 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "Use after free en el Servicio de puerta de enlace de Escritorio remoto permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-27480",
"lastModified": "2025-07-08T19:13:43.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:58.447",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27480"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:43
Severity ?
Summary
Input Method Editor (IME) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Input Method Editor (IME) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el editor de m\u00e9todos de entrada (IME)"
}
],
"id": "CVE-2024-49079",
"lastModified": "2025-01-08T12:43:12.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:32.270",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-13 14:52
Severity ?
Summary
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43454 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:x64:*",
"matchCriteriaId": "C0DC57FA-88F8-4D5C-94BD-3A8B1FB8C047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de licencias de escritorio remoto de Windows"
}
],
"id": "CVE-2024-43454",
"lastModified": "2024-09-13T14:52:28.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:32.583",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43454"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:54
Severity ?
Summary
Windows DNS Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37968 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de DNS de Windows"
}
],
"id": "CVE-2024-37968",
"lastModified": "2024-08-16T20:54:18.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:09.757",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37968"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:22
Modified
2025-07-10 16:17
Severity ?
Summary
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "Una falla del mecanismo de protecci\u00f3n en el servidor DHCP de Windows permite que un atacante no autorizado deniegue el servicio en una red."
}
],
"id": "CVE-2025-32725",
"lastModified": "2025-07-10T16:17:56.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:22:10.373",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32725"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-08 15:47
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-30024",
"lastModified": "2025-01-08T15:47:13.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:57.523",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:38
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38240 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6FBDC450-FB5A-469C-8D38-9586CE5A6F48",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el Administrador de conexi\u00f3n de acceso remoto de Windows"
}
],
"id": "CVE-2024-38240",
"lastModified": "2024-09-17T16:38:39.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:27.957",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38240"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:04
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-28898",
"lastModified": "2025-01-08T16:04:27.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:48.260",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28898"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 15:43
Severity ?
Summary
Windows Hyper-V Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "446E539F-A4D6-43FD-A4D7-90EF7ED67892",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FA0304FD-3109-4A15-A2BC-CB1AA66C7877",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C4CD3CA7-0976-48E3-9304-66369FD13F81",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A11D3053-21AC-4260-BF3C-6382EE015932",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9637D3C1-FA14-4086-962D-7270EA576D02",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Windows Hyper-V"
}
],
"id": "CVE-2024-38127",
"lastModified": "2024-08-16T15:43:13.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:14.597",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:16
Modified
2025-01-16 19:12
Severity ?
Summary
Windows DWM Core Library Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DWM Core Library Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de la librer\u00eda principal de Windows DWM"
}
],
"id": "CVE-2024-30008",
"lastModified": "2025-01-16T19:12:19.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:16:38.260",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2025-01-27 21:35
Severity ?
Summary
Windows MSHTML Platform Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2024-07-30",
"cisaExploitAdd": "2024-07-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows MSHTML Platform Spoofing Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0307F3A7-693F-45DC-9A11-AE725F942F1F",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "EC49BDAF-EAFF-4803-9944-826C82A5DBD8",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CC6302F7-6909-4EAA-A1BB-3B2BA92680BC",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "6DCF52FA-7A1F-44B4-8405-7D4C9E1CB79F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows MSHTML Platform Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de plataforma Windows MSHTML"
}
],
"id": "CVE-2024-38112",
"lastModified": "2025-01-27T21:35:50.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:47.860",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-11-29 20:43
Severity ?
Summary
Windows USB Hub Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231",
"versionEndExcluding": "10.0.20348.2340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Hub Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador del concentrador USB de Windows"
}
],
"id": "CVE-2024-21429",
"lastModified": "2024-11-29T20:43:50.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:51.400",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 19:48
Severity ?
Summary
Windows Storage Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43551 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Storage Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el almacenamiento de Windows"
}
],
"id": "CVE-2024-43551",
"lastModified": "2024-10-17T19:48:47.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:20.783",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43551"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:16
Modified
2025-03-10 20:23
Severity ?
Summary
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2025-01-06",
"cisaExploitAdd": "2024-12-16",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability ",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador en modo kernel de Windows"
}
],
"id": "CVE-2024-35250",
"lastModified": "2025-03-10T20:23:53.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:16:02.650",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-22 12:55
Severity ?
Summary
BranchCache Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38149 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E73B5EB-3264-4FFD-A467-03F716E8B410",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10021958-69E6-4B2A-8DF1-ECA2C2D95328",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE70C979-F86C-43B3-BCF6-F8A3E1DB6042",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1732A1-CE96-4F6A-BA6D-E67CD42C486D",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "F73D1308-DB13-4B6C-A66F-5542FDCA749C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BranchCache Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en BranchCache"
}
],
"id": "CVE-2024-38149",
"lastModified": "2024-10-22T12:55:10.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:07.517",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38149"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2024-11-21 14:15
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43637 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "94D57126-EC8D-4898-A5FE-D7EB6463B634",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "54AA8A1F-0EAD-406A-A4AF-B86C316D1089",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "86F8F1B2-C206-4CD6-83C6-C450329CEE10",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FCBE6103-075E-4841-836D-4E0D630E99FF",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E3AC46-9D0D-4381-93EE-FE87C212040A",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el controlador del sistema de clase de v\u00eddeo USB de Windows"
}
],
"id": "CVE-2024-43637",
"lastModified": "2024-11-21T14:15:12.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2024-11-12T18:15:32.773",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43637"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:18
Severity ?
Summary
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29836 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en el Servicio de enrutamiento y acceso remoto de Windows (RRAS) permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29836",
"lastModified": "2025-05-19T18:18:44.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:54.050",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29836"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 17:17
Modified
2025-01-08 15:47
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3CAB1AF9-3205-47E7-9F73-B4F29CB7499E",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "17FA38AD-A8CD-4141-A555-0756F05C69B1",
"versionEndExcluding": "10.0.10240.20651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "208A4966-0B4A-44BD-A94E-D432529D4A7A",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0993DA2-43E8-4E09-A8FE-9D4EC48A881D",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA2824B-BEA1-438D-A606-65BF5C85AF19",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64DEDA09-D9D3-4974-A4C1-36D2A7C27916",
"versionEndExcluding": "10.0.19044.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF4860-124C-4A1B-AF4B-12C676E545DC",
"versionEndExcluding": "10.0.19045.4412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C65169A-BEF8-4C27-8F3C-F30401DFDB71",
"versionEndExcluding": "10.0.22000.2960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96D1BF2-D11D-4355-A9E8-7F89485772D3",
"versionEndExcluding": "10.0.22621.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D7840D-388C-46D8-9782-A49FE9D54704",
"versionEndExcluding": "10.0.22631.3593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B922822-E4BC-4538-9E88-EDA645062A44",
"versionEndExcluding": "10.0.14393.6981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3B72F9-A2EA-4C74-98B5-3543A98B9098",
"versionEndExcluding": "10.0.17763.5820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64742A11-4335-4D12-9112-B94B6FF44F41",
"versionEndExcluding": "10.0.20348.2461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7510F630-1C49-4F21-A814-2406F94CA5C7",
"versionEndExcluding": "10.0.25398.887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-30029",
"lastModified": "2025-01-08T15:47:58.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-05-14T17:17:01.497",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:34
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-49104",
"lastModified": "2025-01-08T12:34:20.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:36.267",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-22 19:30
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43593 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-43593",
"lastModified": "2024-10-22T19:30:19.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:27.553",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43593"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:20
Severity ?
Summary
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29831 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "Use After Free en el Servicio de puerta de enlace de Escritorio remoto permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29831",
"lastModified": "2025-05-19T18:20:14.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:53.297",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29831"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Win32k Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k"
}
],
"id": "CVE-2024-30082",
"lastModified": "2024-11-21T09:11:13.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:55.443",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Winlogon Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30066 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30066 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Winlogon Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Winlogon"
}
],
"id": "CVE-2024-30066",
"lastModified": "2024-11-21T09:11:10.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:52.723",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30066"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-22 14:44
Severity ?
Summary
Windows Kernel Memory Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21319 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Memory Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de memoria del kernel de Windows"
}
],
"id": "CVE-2025-21319",
"lastModified": "2025-01-22T14:44:50.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:56.090",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21319"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:52
Severity ?
Summary
Windows Hyper-V Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9C150F7E-8967-4AB8-8DF8-EBC89A10D554",
"versionEndExcluding": "10.0.17763.5329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5BFCE595-C6A9-4F10-9EC7-58C1D66BB436",
"versionEndExcluding": "10.0.19044.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "047947E7-B85E-4D6A-9B92-E39E4828206E",
"versionEndExcluding": "10.0.19045.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2",
"versionEndExcluding": "10.0.22000.2713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0",
"versionEndExcluding": "10.0.22621.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A00CE59A-0762-4AA4-99DA-5C9545F85666",
"versionEndExcluding": "10.0.22631.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Hyper-V"
}
],
"id": "CVE-2024-20699",
"lastModified": "2024-11-21T08:52:57.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-01-09T18:15:53.490",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 15:22
Severity ?
Summary
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows File Server Resource Management Service Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servicio de administraci\u00f3n de recursos del servidor de archivos de Windows"
}
],
"id": "CVE-2024-26216",
"lastModified": "2025-01-08T15:22:26.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:40.447",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 17:23
Modified
2025-07-09 16:46
Severity ?
Summary
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FCC2974E-F0F4-4F33-9CCE-2CEA45A3AD86",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A94EDBE2-AAFF-4E9A-A9E5-9B02ADB94471",
"versionEndExcluding": "10.0.10240.21034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "21CF85F1-CE6E-4AA2-B686-20766DB23D46",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "10F0F3D2-00CD-4F52-B31E-DEA656DBD8B3",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F081F99C-6E6A-4AB2-8DE8-6457582D80D6",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D9FCD92-0CED-43D3-87E0-630B80AC1A89",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5667B11-7E10-4A08-89D2-253D682151C5",
"versionEndExcluding": "10.0.19044.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CB6E81-62E0-4B19-ADE9-5ADB260CB960",
"versionEndExcluding": "10.0.19045.5965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDDDE2C-0235-4792-905A-DDDF5D346BDC",
"versionEndExcluding": "10.0.22621.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53835865-3135-4F16-9868-C96D8C5E2BED",
"versionEndExcluding": "10.0.22631.5472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA78F5F9-AEE3-423B-B82A-9ECEF2BDADF3",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7111D-5C1D-415B-8ED4-F891B4832B18",
"versionEndExcluding": "10.0.14393.8148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E77CCA1-2FF6-429B-85A6-81E2B7C6B08F",
"versionEndExcluding": "10.0.17763.7434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889A792E-8809-4A78-AABC-0567D025927A",
"versionEndExcluding": "10.0.20348.3745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "537E7AD5-0562-490B-AB16-0805F8865C74",
"versionEndExcluding": "10.0.25398.1665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BB5C4-1318-4006-9C50-0AED4E0C8A3F",
"versionEndExcluding": "10.0.26100.4270",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Windows Installer allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La resoluci\u00f3n incorrecta de un enlace antes del acceso al archivo (\u0027seguimiento de enlace\u0027) en Windows Installer permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-33075",
"lastModified": "2025-07-09T16:46:06.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-06-10T17:23:08.797",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 18:15
Modified
2025-01-23 18:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Windows DWM Core Library Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2023-12-05",
"cisaExploitAdd": "2023-11-14",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4F018A9A-D2BC-4EB0-BC64-B92DC4EF68DF",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "455A430D-8451-4B60-8496-E0A0CE27EDE3",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "395069C3-88A4-493F-9437-23BFC54EA6EE",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "0968B391-593B-41A0-92BF-5ADA3A420AEA",
"versionEndExcluding": "10.0.19041.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "058883C8-393C-4B21-860B-A49BAB8E56B6",
"versionEndExcluding": "10.0.19041.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BC4D8D03-F568-47C0-8DDF-C5004AC81402",
"versionEndExcluding": "10.0.19041.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "F71725C1-4E22-4FD8-9A38-39522AB2F8CF",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "F72FEE7B-4D80-41C7-A23F-065BE8B58013",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "6FABED21-4A49-4D73-AA4D-37A785CC400C",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "890C6D87-B036-4F68-9BED-0B7783C522BC",
"versionEndExcluding": "10.0.22000.2600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B4201E00-C986-4591-8ADA-46BD71980C1C",
"versionEndExcluding": "10.0.22000.2600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "973233D7-396D-4C4F-A276-5D857496CC2D",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A3EDFF9F-3C99-47BC-BAB6-A0E68495C469",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "33C8F7A9-A4A9-4DEF-9AA9-B5CF830DF15B",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CEAD5D1A-6484-438F-8852-DC583D4AA5D0",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "940B3D77-2D2E-41F3-8450-27AF8BB17F18",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BB96325-BCC0-4C49-AF2A-A12C5CE1D818",
"versionEndExcluding": "10.0.20348.2113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A",
"versionEndExcluding": "10.0.25398.531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DWM Core Library Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de la biblioteca principal de Windows DWM."
}
],
"id": "CVE-2023-36033",
"lastModified": "2025-01-23T18:17:51.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T18:15:32.677",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:38
Severity ?
Summary
Windows COM Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows COM Server Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Windows COM Server"
}
],
"id": "CVE-2025-21272",
"lastModified": "2025-01-27T18:38:15.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:46.987",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21272"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2025-04-28 20:47
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstorm.news/files/id/190586/ | Exploit, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/52275 | Exploit, VDB Entry |
Impacted products
{
"cisaActionDue": "2024-03-25",
"cisaExploitAdd": "2024-03-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62322DCD-FDD1-4E54-A51A-08D68890E7DE",
"versionEndIncluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows"
}
],
"id": "CVE-2024-21338",
"lastModified": "2025-04-28T20:47:49.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:49.083",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"VDB Entry"
],
"url": "https://packetstorm.news/files/id/190586/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/52275"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-21 20:04
Severity ?
Summary
Windows Remote Desktop Services Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21330 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Services\u00a0Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de Windows Remote Desktop Services"
}
],
"id": "CVE-2025-21330",
"lastModified": "2025-01-21T20:04:19.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:57.940",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21330"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Win32k Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38059 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38059 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Win32k"
}
],
"id": "CVE-2024-38059",
"lastModified": "2024-11-21T09:24:48.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:37.173",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38059"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-14 14:55
Severity ?
Summary
Windows Mark of the Web Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2024-09-03",
"cisaExploitAdd": "2024-08-13",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48EA2B6D-D604-4548-88E9-4FE312C8CCA5",
"versionEndExcluding": "6.2.9200.24919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mark of the Web Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad web de Windows"
}
],
"id": "CVE-2024-38213",
"lastModified": "2024-08-14T14:55:49.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:30.750",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:31
Severity ?
Summary
Windows Cryptographic Services Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Cryptographic Services Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad de los servicios criptogr\u00e1ficos de Windows"
}
],
"id": "CVE-2024-26228",
"lastModified": "2025-01-08T16:31:38.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:42.627",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:32
Severity ?
Summary
Windows Telephony Server Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Server Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servidor de telefon\u00eda de Windows"
}
],
"id": "CVE-2024-26230",
"lastModified": "2025-01-08T16:32:41.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:43.027",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38073 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38073 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio Windows Remote Desktop Licensing"
}
],
"id": "CVE-2024-38073",
"lastModified": "2024-11-21T09:24:50.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:41.363",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38073"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:47
Severity ?
Summary
Windows Digital Media Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21228 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Digital Media Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Digital Media"
}
],
"id": "CVE-2025-21228",
"lastModified": "2025-01-27T18:47:27.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:34.950",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21228"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 14:22
Severity ?
Summary
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network."
},
{
"lang": "es",
"value": "El uso de recursos no inicializados en el Servicio de enrutamiento y acceso remoto de Windows (RRAS) permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29959",
"lastModified": "2025-05-19T14:22:49.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:56.120",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2024-11-18 22:22
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "94D57126-EC8D-4898-A5FE-D7EB6463B634",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "54AA8A1F-0EAD-406A-A4AF-B86C316D1089",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "86F8F1B2-C206-4CD6-83C6-C450329CEE10",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FCBE6103-075E-4841-836D-4E0D630E99FF",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E3AC46-9D0D-4381-93EE-FE87C212040A",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el servicio de telefon\u00eda de Windows"
}
],
"id": "CVE-2024-43635",
"lastModified": "2024-11-18T22:22:01.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-11-12T18:15:32.287",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:33
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "10F567C3-3739-4F3D-B9E0-D2725D09CE0D",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "04D1F48B-C323-4062-B5E1-9700ADBB153C",
"versionEndExcluding": "10.0.10240.20857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "29B44B5E-3D35-4A5B-A916-6E70923FAB7C",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "77EAFFB9-3053-4197-B52D-69F4F86C8FBA",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-49102",
"lastModified": "2025-01-08T12:33:35.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:35.970",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:23
Severity ?
Summary
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24063 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en el kernel de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-24063",
"lastModified": "2025-05-19T18:23:57.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:51.383",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24063"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:37
Severity ?
Summary
Windows App Package Installer Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows App Package Installer Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows App Package Installer"
}
],
"id": "CVE-2025-21275",
"lastModified": "2025-01-27T18:37:53.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:47.723",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21361 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21361 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "448534CE-1C07-4DF1-8EDD-C43C3492898B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21361",
"lastModified": "2024-11-21T08:54:11.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:53.057",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21361"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:42
Severity ?
Summary
Windows Remote Desktop Services Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Services\u00a0Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de los Servicios de Escritorio remoto de Windows"
}
],
"id": "CVE-2024-49075",
"lastModified": "2025-01-08T12:42:40.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:31.700",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 14:23
Severity ?
Summary
Windows Mobile Hotspot Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Hotspot Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del punto de acceso de Windows Mobile"
}
],
"id": "CVE-2024-26220",
"lastModified": "2025-01-08T14:23:13.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:41.247",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26220"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:32
Severity ?
Summary
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5FA7C375-3A7C-4F34-B6E7-82C187B4F7AF",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "576F141F-C874-4817-961A-2C4D2AB3DEA4",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F814C24B-FA54-4B97-8387-6EE9AC269178",
"versionEndExcluding": "10.0.19044.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF40E59-FC32-4047-8A63-EE0819A32962",
"versionEndExcluding": "10.0.19045.5247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3B0836-B782-4C1A-B0D1-B6111CBC8DED",
"versionEndExcluding": "10.0.22621.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B584A6-DEDC-4D7C-9579-B82091B698E0",
"versionEndExcluding": "10.0.22631.4602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "594D3E33-9ADE-47EF-8032-A5EDC948F92B",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servicio de red de \u00e1rea amplia inal\u00e1mbrico de Windows (WwanSvc)"
}
],
"id": "CVE-2024-49098",
"lastModified": "2025-01-08T12:32:51.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:35.533",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-14 17:53
Severity ?
Summary
Windows Remote Desktop Services Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Services Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en los Servicios de Escritorio Remoto de Windows"
}
],
"id": "CVE-2024-49116",
"lastModified": "2025-01-14T17:53:47.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:38.050",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Windows Server Key Distribution Service Security Feature Bypass
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1642CC8D-1521-46D9-AE2A-7CD9BCE30565",
"versionEndExcluding": "10.0.14393.6614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD",
"versionEndExcluding": "10.0.17763.5329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251",
"versionEndExcluding": "10.0.19044.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD",
"versionEndExcluding": "10.0.19045.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894",
"versionEndExcluding": "10.0.22000.2713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316",
"versionEndExcluding": "10.0.22621.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0",
"versionEndExcluding": "10.0.22631.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD",
"versionEndExcluding": "10.0.17763.5329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14",
"versionEndExcluding": "10.0.20348.2227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57577F-8313-4AFF-9E30-0C928D87C4AF",
"versionEndExcluding": "10.0.25398.643",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Server Key Distribution Service Security Feature Bypass"
},
{
"lang": "es",
"value": "Omisi\u00f3n de la funci\u00f3n de seguridad del servicio de distribuci\u00f3n de claves de Windows Server"
}
],
"id": "CVE-2024-21316",
"lastModified": "2024-11-21T08:54:05.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-01-09T18:15:55.710",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 18:15
Modified
2024-11-21 08:09
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36405 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36405 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C3EB2B6-8A7D-48D0-8FBD-EDD32A02B0A8",
"versionEndExcluding": "10.0.14393.6452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1A36FFD9-2FFD-491F-9CB6-80DE6544A735",
"versionEndExcluding": "10.0.14393.6452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4F018A9A-D2BC-4EB0-BC64-B92DC4EF68DF",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "455A430D-8451-4B60-8496-E0A0CE27EDE3",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "395069C3-88A4-493F-9437-23BFC54EA6EE",
"versionEndExcluding": "10.0.17763.5122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76D06BFE-474B-4A10-9E9E-9D88DDCD2764",
"versionEndExcluding": "10.0.19041.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85ABCA53-40C8-452B-8D2F-7AAF3624DCD4",
"versionEndExcluding": "10.0.19045.3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCCEFB5-50CD-4D8A-B4A8-16B357367487",
"versionEndExcluding": "10.0.22000.2600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "656DB244-CD92-4288-A4CD-76ED0492D65C",
"versionEndExcluding": "10.0.22621.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC26CE6D-0DFD-4642-A806-2A312888A451",
"versionEndExcluding": "10.0.22631.2715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F942D380-5BD6-4262-A013-89EBFE23C27A",
"versionEndExcluding": "10.0.25398.531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del kernel de Windows."
}
],
"id": "CVE-2023-36405",
"lastModified": "2024-11-21T08:09:41.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T18:15:42.420",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36405"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:55
Severity ?
Summary
Microsoft DWM Core Library Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38147 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft DWM Core Library Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de la librer\u00eda principal de Microsoft DWM"
}
],
"id": "CVE-2024-38147",
"lastModified": "2024-08-16T20:55:03.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:19.407",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38147"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-22 16:01
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F438CECD-698A-4BDF-8B02-B4FE9E5B86E9",
"versionEndExcluding": "10.0.20348.2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-43611",
"lastModified": "2024-10-22T16:01:19.373",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:29.240",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-18 15:04
Severity ?
Summary
Windows TCP/IP Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38045 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89B89FB6-5A2C-4444-9D51-B5E46A506CA6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ADD534CE-0B4C-43DB-A27C-AC67246D0A87",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "23DBE62F-98CC-4F76-A841-BB20C5E8075F",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "61EE602F-4D50-4203-9E6B-0BD8A03C450C",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E38D5738-DC17-4C50-B8BD-A847CDD772BB",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5F1636FD-E55D-452D-B7B4-73763174461F",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6FBDC450-FB5A-469C-8D38-9586CE5A6F48",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "27B86605-6710-4BC8-99A4-73462A011192",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "24ABE040-A076-4A03-9847-B4D0C2CA5E97",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1943A041-87C3-404D-B09C-8E25E46A6E90",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4AC8FE5E-7E85-4520-BD68-3A9776948A5D",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "DFD03C4F-D6EA-41B7-A7E1-EE0C11407EA2",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows TCP/IP Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo TCP/IP en Windows"
}
],
"id": "CVE-2024-38045",
"lastModified": "2024-09-18T15:04:07.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:21.433",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38045"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 17:15
Modified
2024-11-21 09:11
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30095 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30095 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
"versionEndExcluding": "10.0.10240.20680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
"versionEndExcluding": "10.0.19044.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
"versionEndExcluding": "10.0.19045.4529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
"versionEndExcluding": "10.0.22000.3019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
"versionEndExcluding": "10.0.22621.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
"versionEndExcluding": "10.0.22631.3737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
"versionEndExcluding": "10.0.14393.7070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
"versionEndExcluding": "10.0.17763.5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
"versionEndExcluding": "10.0.20348.2522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
"versionEndExcluding": "10.0.25398.950",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-30095",
"lastModified": "2024-11-21T09:11:15.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-06-11T17:15:58.150",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30095"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 18:29
Severity ?
Summary
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "Consumo descontrolado de recursos en Windows LDAP: el protocolo ligero de acceso a directorios permite que un atacante no autorizado deniegue el servicio a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29954",
"lastModified": "2025-05-19T18:29:23.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:55.317",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-25 18:17
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Windows MSHTML Platform Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573 | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2024-10-29",
"cisaExploitAdd": "2024-10-08",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows MSHTML Platform Spoofing Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8D5CDF9D-43B5-411C-9627-14DECDA937BF",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "84562B34-6BC0-4DBD-B153-C8F1A065A08D",
"versionEndExcluding": "10.0.10240.20796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "58DB776E-E3B6-4990-8AA2-6A63FDAA84C4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4AC4CAAB-C035-4D00-8DBC-9C3CE39FBBD4",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E73B5EB-3264-4FFD-A467-03F716E8B410",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801079-35D1-4489-A0AE-DA780FF4F9BC",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E727AE65-9D9E-49BA-A875-9D50FAE9F7DB",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07DF8B6-0DF9-4BF1-9C9B-4A29F9611C8A",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF65E43A-AD45-43C6-A371-7C29C5CA0BA7",
"versionEndExcluding": "10.0.14393.7428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC8DD27D-4538-4CB9-894A-3BF3DFF9D25A",
"versionEndExcluding": "10.0.20348..2762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows MSHTML Platform Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de la plataforma MSHTML de Windows"
}
],
"id": "CVE-2024-43573",
"lastModified": "2024-10-25T18:17:35.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-08T18:15:24.817",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:43
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-26168",
"lastModified": "2025-01-08T16:43:41.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:35.687",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26168"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft Bluetooth Driver Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251",
"versionEndExcluding": "10.0.19044.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD",
"versionEndExcluding": "10.0.19045.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894",
"versionEndExcluding": "10.0.22000.2713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316",
"versionEndExcluding": "10.0.22621.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0",
"versionEndExcluding": "10.0.22631.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14",
"versionEndExcluding": "10.0.20348.2227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B57577F-8313-4AFF-9E30-0C928D87C4AF",
"versionEndExcluding": "10.0.25398.643",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Bluetooth Driver Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de controladores Bluetooth de Microsoft"
}
],
"id": "CVE-2024-21306",
"lastModified": "2024-11-21T08:54:04.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-01-09T18:15:54.120",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 17:15
Modified
2025-05-19 14:22
Severity ?
Summary
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29962 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
"versionEndExcluding": "10.0.10240.21014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
"versionEndExcluding": "10.0.19044.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
"versionEndExcluding": "10.0.19045.5854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
"versionEndExcluding": "10.0.22621.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
"versionEndExcluding": "10.0.22631.5335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Windows Media permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-29962",
"lastModified": "2025-05-19T14:22:26.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-05-13T17:15:56.600",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29962"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-16 21:50
Severity ?
Summary
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43536 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EE205A52-173D-44F2-AAD0-A45F5FF4D603",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8ED2CAD8-D2E2-4AF5-874A-2938D3C3EA0F",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D13B5EE1-0F5A-4DD8-9462-18FC0D2A59EE",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "857DFFF9-C926-41C5-96E6-7CD3DD86FDD8",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "73AD21BF-973F-47E2-8831-A8B9DD066D75",
"versionEndExcluding": "10.0.19044.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6DDD519F-4617-4958-A2AA-5E5EC9D6E0E1",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FD728A6F-4F70-4407-B19C-92DF529793EC",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "11B05B8E-F956-45E2-A735-B3169384178F",
"versionEndExcluding": "10.0.19045.5011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FE4A4090-29D6-4B44-9B01-858886DAD93D",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "41629AD7-FF9A-4C54-9FFE-800F4C1E719B",
"versionEndExcluding": "10.0.22000.3260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "89687486-E330-4475-9119-0E0AD18F8129",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0B0F11A8-E14B-4A82-BB09-C4259FC6B0E6",
"versionEndExcluding": "10.0.22621.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "FD22B308-7AB1-4820-8B4F-E79C18DB0FF0",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D7CF880-E057-4694-8DD2-FF62D41A5BB7",
"versionEndExcluding": "10.0.22631.4317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "1262CACE-C787-4F46-9E12-C9F254225FC5",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "ED2BB762-C417-4B64-80A2-ED152893FAD7",
"versionEndExcluding": "10.0.26100.2033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F003109E-32C0-4044-89D6-2747366E051D",
"versionEndExcluding": "10.0.17763.6414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B68BF1-40C7-45E9-BD3C-8CEE104054E9",
"versionEndExcluding": "10.0.25398.1189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el controlador de banda ancha de Windows Mobile"
}
],
"id": "CVE-2024-43536",
"lastModified": "2024-10-16T21:50:39.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-10-08T18:15:18.030",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43536"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-02 15:48
Severity ?
Summary
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24059 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E25C5E4-77D3-4A18-B08B-B157E336218F",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84168D48-1F68-4590-98BB-E926339D1A01",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF468977-7A8C-4234-B244-FA75CB6A124E",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9485A904-335B-406F-AED9-63489CB2BB26",
"versionEndExcluding": "6.2.9200.25368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2569319C-B855-466E-B4A5-D5774DBBD516",
"versionEndExcluding": "10.0.20348.3328",
"versionStartExcluding": "10.0.20348.3270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1438B9AF-92B2-439B-8656-C87B8F8E30A5",
"versionEndExcluding": "10.0.26100.3476",
"versionStartExcluding": "10.0.26100.3403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally."
},
{
"lang": "es",
"value": "La conversi\u00f3n incorrecta entre tipos num\u00e9ricos en el controlador del sistema de archivos de registro com\u00fan de Windows permite que un atacante autorizado eleve privilegios localmente."
}
],
"id": "CVE-2025-24059",
"lastModified": "2025-07-02T15:48:47.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:28.593",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24059"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 13:53
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Windows DNS Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor DNS de Windows"
}
],
"id": "CVE-2024-26221",
"lastModified": "2025-01-08T13:53:25.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:41.443",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-03 15:55
Severity ?
Summary
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26634 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC9E148-24F5-4FB0-A9FE-6098A2395D5F",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
"versionEndExcluding": "10.0.19044.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
"versionEndExcluding": "10.0.19045.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
"versionEndExcluding": "10.0.22621.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
"versionEndExcluding": "10.0.22631.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
"versionEndExcluding": "10.0.20348.3207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3106289-A3E3-4508-B118-17BD2488D681",
"versionEndExcluding": "10.0.25398.1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70BC66D1-8679-4FA5-A4E0-2E9FDB56E273",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Windows Core Messaging permite que un atacante autorizado eleve privilegios en una red."
}
],
"id": "CVE-2025-26634",
"lastModified": "2025-07-03T15:55:30.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:43.743",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26634"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:16
Modified
2025-07-10 15:01
Severity ?
Summary
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29810 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "AF5336F8-E267-455B-817A-03AF478E3600",
"versionEndIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en los Servicios de dominio de Active Directory permite que un atacante autorizado eleve privilegios en una red."
}
],
"id": "CVE-2025-29810",
"lastModified": "2025-07-10T15:01:41.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:16:06.797",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29810"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-11 18:15
Modified
2025-02-26 16:55
Severity ?
Summary
Microsoft Digest Authentication Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21369 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B692D57-D1F5-440E-AC28-C7633740ED6E",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "44723F8C-6B56-4A27-B213-E822ADC16078",
"versionEndExcluding": "10.0.10240.20915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
"versionEndExcluding": "10.0.19044.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
"versionEndExcluding": "10.0.19045.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
"versionEndExcluding": "10.0.22621.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
"versionEndExcluding": "10.0.22631.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
"versionEndExcluding": "10.0.20348.3207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27",
"versionEndExcluding": "10.0.25398.1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Digest Authentication Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la autenticaci\u00f3n de Microsoft Digest"
}
],
"id": "CVE-2025-21369",
"lastModified": "2025-02-26T16:55:53.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T18:15:35.340",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21369"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 16:03
Severity ?
Summary
Secure Boot Security Feature Bypass Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E7BDA51E-51E0-487D-A25F-2477213B563E",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A607FDAE-53FE-49DA-806F-0533F5ECC108",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CA18E04-75AD-4BC1-BCF7-B7C3DD33D9D3",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "8E68CF86-FB36-4E0E-A919-D7010E1D9CEE",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secure Boot Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad de arranque seguro"
}
],
"id": "CVE-2024-28896",
"lastModified": "2025-01-08T16:03:33.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:47.893",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-13 15:20
Severity ?
Summary
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38253 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022_23h2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "76AB8812-9BA5-415B-A6B1-C5AD065D3382",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el subsistema del n\u00facleo Win32 de Windows"
}
],
"id": "CVE-2024-38253",
"lastModified": "2024-09-13T15:20:59.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:30.813",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38253"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Windows Printing Service Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D282E53-ABBF-4832-9C93-A988586AE96E",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B15A766-B6CC-4638-B6E6-BF0F338A059A",
"versionEndExcluding": "6.2.9200.24710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Printing Service Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n del servicio de impresi\u00f3n de Windows"
}
],
"id": "CVE-2024-21406",
"lastModified": "2024-11-21T08:54:17.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:59.480",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:15
Modified
2024-11-21 08:54
Severity ?
Summary
Windows Kernel Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C78776CC-3A9C-41A3-8BEB-D71D92F6579D",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806CA6D2-42B2-4244-A5ED-D23E6DD56772",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F8173-9E59-48E4-98C9-4BEB6AE79451",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EDBE52-EFE0-4D6D-AA76-698B6F9687D1",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "900D1DA2-6DA7-4681-966A-B9973B1329EA",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62322DCD-FDD1-4E54-A51A-08D68890E7DE",
"versionEndIncluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del kernel de Windows"
}
],
"id": "CVE-2024-21341",
"lastModified": "2024-11-21T08:54:08.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:49.630",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-05 03:19
Severity ?
Summary
Microsoft ODBC Driver Remote Code Execution Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D10880-2D62-4AC6-9712-0A0519F50CEE",
"versionEndExcluding": "10.0.10240.20596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FACDC7-EB1C-4F9E-8841-B4F5D740E833",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54B49649-55CB-4BFF-BB50-592662435694",
"versionEndExcluding": "10.0.22621.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79409538-C0CE-4051-80C3-383220427D0B",
"versionEndExcluding": "10.0.22631.3447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122",
"versionEndExcluding": "10.0.14393.6897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA",
"versionEndExcluding": "10.0.20348.2402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC",
"versionEndExcluding": "10.0.25398.830",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del controlador ODBC de Microsoft"
}
],
"id": "CVE-2024-21451",
"lastModified": "2024-12-05T03:19:51.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:54.743",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21451"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-197"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2025-07-07 18:15
Severity ?
Summary
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38131 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:remote_desktop_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C70F9F5B-B3D1-432A-9DFC-1565318F3D98",
"versionEndExcluding": "1.2.5560.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clipboard Virtual Channel Extension Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en la extensi\u00f3n del canal virtual del portapapeles"
}
],
"id": "CVE-2024-38131",
"lastModified": "2025-07-07T18:15:34.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:15.833",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38131"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 18:15
Modified
2025-07-08 19:06
Severity ?
Summary
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27469 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACCA6F4-C140-4B2E-93FF-1B9DC093E831",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09E0970D-79B9-40D9-BFFF-25EE5A686B04",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "640C45C8-83C3-4BBC-9176-705BEAA80E64",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE9402D-6417-4F82-909A-D89C06C98794",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4B5FB3-A574-4DA6-9A43-0950B121CC92",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network."
},
{
"lang": "es",
"value": "Consumo descontrolado de recursos en Windows LDAP: el protocolo ligero de acceso a directorios permite que un atacante no autorizado deniegue el servicio a trav\u00e9s de una red."
}
],
"id": "CVE-2025-27469",
"lastModified": "2025-07-08T19:06:37.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T18:15:56.613",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27469"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-11 18:15
Modified
2025-02-28 16:02
Severity ?
Summary
Windows Active Directory Domain Services API Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21351 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C91C224C-5CC9-42EF-8053-AC80EE2CC2B5",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "07421D08-3F88-4532-B652-36825784EFF9",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
"versionEndExcluding": "10.0.19044.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
"versionEndExcluding": "10.0.19045.5487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
"versionEndExcluding": "10.0.22621.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
"versionEndExcluding": "10.0.22631.4890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208FA80F-F742-473E-81D5-003DC2BFFC6C",
"versionEndExcluding": "10.0.14393.7785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
"versionEndExcluding": "10.0.17763.6893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
"versionEndExcluding": "10.0.20348.3207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FB476271-F7D2-40F9-BAFC-2DCD597BFE27",
"versionEndExcluding": "10.0.25398.1425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
"versionEndExcluding": "10.0.26100.3194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Active Directory Domain Services API Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio de la API de servicios de dominio de Active Directory de Windows"
}
],
"id": "CVE-2025-21351",
"lastModified": "2025-02-28T16:02:39.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-02-11T18:15:34.113",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21351"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-17 16:50
Severity ?
Summary
Windows Networking Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38234 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "85DD5735-7C22-4A98-B404-08FEF44A640F",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83550045-529B-4968-A543-C9D298C0F31D",
"versionEndExcluding": "10.0.10240.20766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "90027BBC-56AF-4F14-A118-53BBA694A0CD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DFB6CBF4-DA4A-4743-B8A1-3E41FCBEEBEC",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83",
"versionEndExcluding": "10.0.19044.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8610D293-28A5-4A3E-AE2D-BD21E7E42FDA",
"versionEndExcluding": "10.0.19041.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6A08D353-356F-4BB0-A43F-15EBD6E2FB83",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "13DBA791-6F77-4DA1-8BF4-BA7C299C6188",
"versionEndExcluding": "10.0.19045.4894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086",
"versionEndExcluding": "10.0.22000.3197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64",
"versionEndExcluding": "10.0.22621.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "DFD03C4F-D6EA-41B7-A7E1-EE0C11407EA2",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5EFBBCCD-A83C-4D06-BBF0-1A4E5C9F0283",
"versionEndExcluding": "10.0.22631.4169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6231A772-376C-4ED3-919B-EAD9D1439021",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "82EA7851-0235-4ACA-8BDB-89243CF2BDA7",
"versionEndExcluding": "10.0.26100.1742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "F73D1308-DB13-4B6C-A66F-5542FDCA749C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*",
"matchCriteriaId": "8968BAC8-A1DB-4F88-89F8-4BE47919C247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291C92-7D32-4CC2-B601-FAF5B70F3BFD",
"versionEndExcluding": "10.0.14393.7336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6",
"versionEndExcluding": "10.0.17763.6293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904",
"versionEndExcluding": "10.0.20348.2700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0",
"versionEndExcluding": "10.0.25398.1128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Networking Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en redes de Windows"
}
],
"id": "CVE-2024-38234",
"lastModified": "2024-09-17T16:50:39.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:26.700",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38234"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-22 14:48
Severity ?
Summary
Internet Explorer Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21326 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155593BE-9192-4286-81F7-2C66B55B0438",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Internet Explorer Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Internet Explorer"
}
],
"id": "CVE-2025-21326",
"lastModified": "2025-01-22T14:48:07.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:57.170",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21326"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 20:54
Severity ?
Summary
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38146 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del controlador de red del puente de capa 2 de Windows"
}
],
"id": "CVE-2024-38146",
"lastModified": "2024-08-16T20:54:59.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:19.153",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38146"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 18:15
Modified
2024-08-16 17:12
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38120 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28824912-3E9D-4E1E-AE1F-F9700DB892C0",
"versionEndExcluding": "6.2.9200.25031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-38120",
"lastModified": "2024-08-16T17:12:59.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-08-13T18:15:13.047",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38120"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-27 18:49
Severity ?
Summary
Windows Digital Media Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21261 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Digital Media Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Windows Digital Media"
}
],
"id": "CVE-2025-21261",
"lastModified": "2025-01-27T18:49:17.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-01-14T18:15:45.137",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21261"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-12 17:15
Modified
2024-12-27 18:26
Severity ?
Summary
Windows Telephony Server Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9C29C6-636E-4023-88E0-8A8C4DDD3FA4",
"versionEndExcluding": "10.0.10240.20526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA95D8E-CAD9-4D07-AE35-36D83D546AA8",
"versionEndExcluding": "10.0.19044.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "968B931A-18E6-4425-B326-5A02C0B93A08",
"versionEndExcluding": "10.0.19045.4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CEC8B-343C-486E-B6FA-F4D60ACF7E63",
"versionEndExcluding": "10.0.22000.2836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBD4A55-729C-4F86-AE29-6067F62FD03A",
"versionEndExcluding": "10.0.22621.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A332CC68-568F-406B-8463-9FEF359BEA4C",
"versionEndExcluding": "10.0.22631.3296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81",
"versionEndExcluding": "10.0.14393.6796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292",
"versionEndExcluding": "10.0.17763.5576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231",
"versionEndExcluding": "10.0.20348.2340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB",
"versionEndExcluding": "10.0.25398.763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Server Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del servidor de telefon\u00eda de Windows"
}
],
"id": "CVE-2024-21439",
"lastModified": "2024-12-27T18:26:02.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:53.050",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21439"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:36
Severity ?
Summary
Windows Remote Desktop Services Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_server_2016 | * | |
| microsoft | windows_server_2019 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Services Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en los Servicios de Escritorio Remoto de Windows"
}
],
"id": "CVE-2024-49108",
"lastModified": "2025-01-08T12:36:07.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:36.877",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-591"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 18:16
Modified
2024-11-21 08:54
Severity ?
Summary
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21420 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21420 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "11175D86-F0D1-434C-811A-750CB5C17148",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "C62CCD10-636D-4979-A90F-CDBDE048518B",
"versionEndExcluding": "10.0.10240.20469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "57927CA7-FE09-43AA-9F66-6E68EE3125D7",
"versionEndExcluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "077456FB-464C-4393-87A5-D9A2FD3A3A1A",
"versionEndIncluding": "10.0.14393.6709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "97FA2666-D83E-4645-AB34-B17DD82A705B",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "9EF5A993-EF3B-4BE1-8325-62354DD7A7E7",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "1957C71A-2CE0-4173-8BB6-0BE0E93E9BCC",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "8B1DD5BA-167A-45DB-8BD5-C231755B1A07",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0F566229-0130-4578-89CB-DBB8B6F658BF",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5815DF79-63B2-4690-AC2E-23EDE1BC9101",
"versionEndExcluding": "10.0.19044.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "9A6AFF70-FED0-4AF5-9D8F-5C90BF982941",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "88085285-0229-4033-BEB6-0BF4AD5EA72A",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "A0B61E17-FC01-4FF3-BF96-37819033F412",
"versionEndExcluding": "10.0.19045.4046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "481C9CDC-7383-4D08-9608-BDA2F9FADB36",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "60E272E2-0D33-4342-92C3-5D66C89DE531",
"versionEndExcluding": "10.0.22000.2777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "3F8D8343-22E1-4C56-9918-9430326AB9BD",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "16B1BAB4-91BD-4105-81CF-EAFD3800CB85",
"versionEndExcluding": "10.0.22621.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "E2FB8ADD-663B-445B-B0F2-6B5E168D9E2E",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "679CCD68-F014-452C-8D3F-F9D17329779C",
"versionEndExcluding": "10.0.22631.3155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1",
"versionEndExcluding": "10.0.17763.5458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D",
"versionEndExcluding": "10.0.20348.2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B",
"versionEndExcluding": "10.0.25398.709",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server"
}
],
"id": "CVE-2024-21420",
"lastModified": "2024-11-21T08:54:19.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:16:00.310",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21420"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:24
Severity ?
Summary
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7482622-F4B1-4086-8484-136592BAACCE",
"versionEndExcluding": "10.0.10240.20710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEEE46C5-718B-43C5-8B06-A4CB2E0DEF7A",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE3B092-248B-4F68-AA13-DF4FB2E0DA3F",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905A0D97-FCF2-4999-A3F3-C79D88511D52",
"versionEndExcluding": "10.0.19044.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB25D6-2E73-4DF4-9D7D-2C9780101B1B",
"versionEndExcluding": "10.0.19045.4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C0A5A-B376-4DE8-A02A-5E341825AAAB",
"versionEndExcluding": "10.0.22000.3079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B9B3F1-347C-4935-BFA9-6B4191831D28",
"versionEndExcluding": "10.0.22621.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E199129F-7F75-42C8-ABA0-7439FE50676B",
"versionEndExcluding": "10.0.22631.3880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB",
"versionEndExcluding": "10.0.14393.7159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A",
"versionEndExcluding": "10.0.17763.6054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35",
"versionEndExcluding": "10.0.20348.2582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635",
"versionEndExcluding": "10.0.25398.1009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de caracter\u00edstica de seguridad de Windows LockDown Policy (WLDP)"
}
],
"id": "CVE-2024-38070",
"lastModified": "2024-11-21T09:24:50.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-07-09T17:15:40.340",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38070"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 18:15
Modified
2024-11-18 22:22
Severity ?
Summary
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43634 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "94D57126-EC8D-4898-A5FE-D7EB6463B634",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "54AA8A1F-0EAD-406A-A4AF-B86C316D1089",
"versionEndExcluding": "10.0.10240.20826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "86F8F1B2-C206-4CD6-83C6-C450329CEE10",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FCBE6103-075E-4841-836D-4E0D630E99FF",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E3AC46-9D0D-4381-93EE-FE87C212040A",
"versionEndExcluding": "10.0.14393.7515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en el controlador del sistema de clase de v\u00eddeo USB de Windows"
}
],
"id": "CVE-2024-43634",
"lastModified": "2024-11-18T22:22:16.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-11-12T18:15:32.050",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43634"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 02:04
Modified
2025-01-08 12:34
Severity ?
Summary
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "361D1B8E-6E56-4B5F-85D1-D47114A10A81",
"versionEndExcluding": "10.0.14393.7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11517523-F822-45BC-B347-C65F00B45202",
"versionEndExcluding": "10.0.17763.6659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECABB2C-DACB-4BBD-8739-DDB00285B0A7",
"versionEndExcluding": "10.0.20348.2966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37977CFB-B259-49B8-B0C5-85ECB40FE429",
"versionEndExcluding": "10.0.25398.1308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E013EA3C-6F18-4CA4-AF5B-664F869B9A6D",
"versionEndExcluding": "10.0.26100.2605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el Servicio de enrutamiento y acceso remoto de Windows (RRAS)"
}
],
"id": "CVE-2024-49086",
"lastModified": "2025-01-08T12:34:08.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-12-12T02:04:33.460",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-08 15:00
Severity ?
Summary
Windows Kernel Elevation of Privilege Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C50F3D5-1329-4563-BB59-9C50E2EEC237",
"versionEndExcluding": "10.0.17763.5696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE5B3C6-9F18-44A0-95CC-B4CD358794BF",
"versionEndExcluding": "10.0.19044.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C51F9B-0BF1-414C-BFA5-4F5B81413E9E",
"versionEndExcluding": "10.0.19045.4291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39B18FD8-656D-46D2-8BDE-AF030C278E02",
"versionEndExcluding": "10.0.22000.2899",
"vulner