Total
100
Critical
3
High
77
Medium
20
CISA KEV
1
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Buffer over-read in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
