Microsoft Windows 7

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack

CVE-2023-34367 6.5 - Medium - June 14, 2023

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.

authentification

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2022-35758 5.5 - Medium - May 31, 2023

Windows Kernel Memory Information Disclosure Vulnerability

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

CVE-2022-35744 9.8 - Critical - May 31, 2023

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

Win32k Elevation of Privilege Vulnerability

CVE-2022-35750 7.8 - High - May 31, 2023

Win32k Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2022-35751 7.8 - High - May 31, 2023

Windows Hyper-V Elevation of Privilege Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-35752 8.1 - High - May 31, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-35753 8.1 - High - May 31, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Unified Write Filter Elevation of Privilege Vulnerability

CVE-2022-35754 6.7 - Medium - May 31, 2023

Unified Write Filter Elevation of Privilege Vulnerability

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

CVE-2022-35747 5.9 - Medium - May 31, 2023

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-35745 8.1 - High - May 31, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2022-35743 7.8 - High - May 31, 2023

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Code Injection

Windows Local Security Authority (LSA) Denial of Service Vulnerability

CVE-2022-35759 6.5 - Medium - May 31, 2023

Windows Local Security Authority (LSA) Denial of Service Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2022-35756 7.8 - High - May 31, 2023

Windows Kerberos Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21754 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21755 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

CVE-2023-21757 7.5 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21760 7.1 - High - January 10, 2023

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21765 7.8 - High - January 10, 2023

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21773 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability

CVE-2023-21682 5.3 - Medium - January 10, 2023

Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability

Windows Credential Manager User Interface Elevation of Privilege Vulnerability

CVE-2023-21726 7.8 - High - January 10, 2023

Windows Credential Manager User Interface Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21772 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Netlogon Denial of Service Vulnerability

CVE-2023-21728 7.5 - High - January 10, 2023

Windows Netlogon Denial of Service Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2023-21732 8.8 - High - January 10, 2023

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows Boot Manager Security Feature Bypass Vulnerability

CVE-2023-21560 6.6 - Medium - January 10, 2023

Windows Boot Manager Security Feature Bypass Vulnerability

AuthZ

BitLocker Security Feature Bypass Vulnerability

CVE-2023-21563 6.8 - Medium - January 10, 2023

BitLocker Security Feature Bypass Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21675 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21678 7.8 - High - January 10, 2023

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21679 8.1 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Race Condition

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21730 7.8 - High - January 10, 2023

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CVE-2023-21524 7.8 - High - January 10, 2023

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-21525 5.3 - Medium - January 10, 2023

Remote Procedure Call Runtime Denial of Service Vulnerability

Windows iSCSI Service Denial of Service Vulnerability

CVE-2023-21527 7.5 - High - January 10, 2023

Windows iSCSI Service Denial of Service Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

CVE-2023-21680 7.8 - High - January 10, 2023

Windows Win32k Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-21681 8.8 - High - January 10, 2023

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows GDI Elevation of Privilege Vulnerability

CVE-2023-21532 7 - High - January 10, 2023

Windows GDI Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

CVE-2023-21552 7.8 - High - January 10, 2023

Windows GDI Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21555 8.1 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21556 8.1 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2023-21557 7.5 - High - January 10, 2023

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Resource Exhaustion

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2023-21537 7.8 - High - January 10, 2023

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Windows SMB Witness Service Elevation of Privilege Vulnerability

CVE-2023-21549 8.8 - High - January 10, 2023

Windows SMB Witness Service Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21543 8.1 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21546 8.1 - High - January 10, 2023

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

Race Condition

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2023-21548 8.1 - High - January 10, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21561 7.8 - High - January 10, 2023

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2023-21541 7.8 - High - January 10, 2023

Windows Task Scheduler Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

CVE-2023-21542 7 - High - January 10, 2023

Windows Installer Elevation of Privilege Vulnerability

Race Condition

Windows Backup Service Elevation of Privilege Vulnerability

CVE-2023-21752 7.1 - High - January 10, 2023

Windows Backup Service Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21750 7.1 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21749 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21748 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21747 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Windows NTLM Elevation of Privilege Vulnerability

CVE-2023-21746 7.8 - High - January 10, 2023

Windows NTLM Elevation of Privilege Vulnerability

Windows Kernel Information Disclosure Vulnerability

CVE-2023-21776 5.5 - Medium - January 10, 2023

Windows Kernel Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21774 7.8 - High - January 10, 2023

Windows Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-44670 8.1 - High - December 13, 2022

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

TOCTTOU

Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVE-2022-44673 7 - High - December 13, 2022

Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-44676 8.1 - High - December 13, 2022

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Race Condition

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-44678 7.8 - High - December 13, 2022

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-44681 7.8 - High - December 13, 2022

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-44697 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Information Disclosure Vulnerability

CVE-2022-41074 5.5 - Medium - December 13, 2022

Windows Graphics Component Information Disclosure Vulnerability

PowerShell Remote Code Execution Vulnerability

CVE-2022-41076 8.5 - High - December 13, 2022

PowerShell Remote Code Execution Vulnerability

Windows Fax Compose Form Elevation of Privilege Vulnerability

CVE-2022-41077 7.8 - High - December 13, 2022

Windows Fax Compose Form Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2022-41094 7.8 - High - December 13, 2022

Windows Hyper-V Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-41121 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Contacts Remote Code Execution Vulnerability

CVE-2022-44666 7.8 - High - December 13, 2022

Windows Contacts Remote Code Execution Vulnerability

Windows Media Remote Code Execution Vulnerability

CVE-2022-44667 7.8 - High - December 13, 2022

Windows Media Remote Code Execution Vulnerability

Windows Media Remote Code Execution Vulnerability

CVE-2022-44668 7.8 - High - December 13, 2022

Windows Media Remote Code Execution Vulnerability

Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVE-2022-44675 7.8 - High - December 13, 2022

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Windows Scripting Languages Remote Code Execution Vulnerability

CVE-2022-41128 8.8 - High - November 09, 2022

Windows Scripting Languages Remote Code Execution Vulnerability

Memory Corruption

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CVE-2022-41125 7.8 - High - November 09, 2022

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Memory Corruption

Windows Scripting Languages Remote Code Execution Vulnerability

CVE-2022-41118 7.5 - High - November 09, 2022

Windows Scripting Languages Remote Code Execution Vulnerability

Race Condition

Windows Group Policy Elevation of Privilege Vulnerability

CVE-2022-41086 6.4 - Medium - November 09, 2022

Windows Group Policy Elevation of Privilege Vulnerability

Race Condition

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVE-2022-41058 7.5 - High - November 09, 2022

Windows Network Address Translation (NAT) Denial of Service Vulnerability

Windows HTTP.sys Elevation of Privilege Vulnerability

CVE-2022-41057 7.8 - High - November 09, 2022

Windows HTTP.sys Elevation of Privilege Vulnerability

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability

CVE-2022-41056 7.5 - High - November 09, 2022

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-41048 8.8 - High - November 09, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-41047 8.8 - High - November 09, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2022-41045 7.8 - High - November 09, 2022

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Race Condition

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2022-41044 8.1 - High - November 09, 2022

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Race Condition

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2022-41039 8.1 - High - November 09, 2022

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Race Condition

Windows Group Policy Elevation of Privilege Vulnerability

CVE-2022-37992 7.8 - High - November 09, 2022

Windows Group Policy Elevation of Privilege Vulnerability

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

CVE-2022-41116 5.9 - Medium - November 09, 2022

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

Race Condition

Windows Win32k Elevation of Privilege Vulnerability

CVE-2022-41109 7.8 - High - November 09, 2022

Windows Win32k Elevation of Privilege Vulnerability

Windows GDI+ Information Disclosure Vulnerability

CVE-2022-41098 5.5 - Medium - November 09, 2022

Windows GDI+ Information Disclosure Vulnerability

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVE-2022-41095 7.8 - High - November 09, 2022

Windows Digital Media Receiver Elevation of Privilege Vulnerability

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

CVE-2022-41090 5.9 - Medium - November 09, 2022

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability

Race Condition

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-41073 7.8 - High - November 09, 2022

Windows Print Spooler Elevation of Privilege Vulnerability

Memory Corruption

Windows Kerberos Denial of Service Vulnerability

CVE-2022-41053 7.5 - High - November 09, 2022

Windows Kerberos Denial of Service Vulnerability

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2022-41049 5.4 - Medium - November 09, 2022

Windows Mark of the Web Security Feature Bypass Vulnerability

Improper Privilege Management

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability

CVE-2022-41097 6.5 - Medium - November 09, 2022

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

CVE-2022-37993 7.8 - High - October 11, 2022

Windows Group Policy Preference Client Elevation of Privilege Vulnerability

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2022-41081 8.1 - High - October 11, 2022

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37991 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37990 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

CVE-2022-37989 7.8 - High - October 11, 2022

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37988 7.8 - High - October 11, 2022

Windows Kernel Elevation of Privilege Vulnerability

Windows CryptoAPI Spoofing Vulnerability

CVE-2022-34689 7.5 - High - October 11, 2022

Windows CryptoAPI Spoofing Vulnerability

Authentication Bypass by Spoofing