Total
100
Critical
3
High
80
Medium
17
CISA KEV
3
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.
Windows Local Security Authority (LSA) Denial of Service Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Unified Write Filter Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Windows Kernel Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Backup Service Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows NTLM Elevation of Privilege Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows Netlogon Denial of Service Vulnerability
Windows Credential Manager User Interface Elevation of Privilege Vulnerability
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
BitLocker Security Feature Bypass Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows SMB Witness Service Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Task Scheduler Elevation of Privilege Vulnerability
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows iSCSI Service Denial of Service Vulnerability
Remote Procedure Call Runtime Denial of Service Vulnerability
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Media Remote Code Execution Vulnerability
Windows Media Remote Code Execution Vulnerability
Windows Contacts Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
.NET Framework Remote Code Execution Vulnerability
Windows Fax Compose Form Elevation of Privilege Vulnerability
PowerShell Remote Code Execution Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows Scripting Languages Remote Code Execution Vulnerability
Windows Scripting Languages Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
.NET Framework Information Disclosure Vulnerability
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows HTTP.sys Elevation of Privilege Vulnerability
Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability
Windows Kerberos Denial of Service Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows COM+ Event System Service Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
