Msrc Windows 11 Version 24H2 vulnerabilities

845 known vulnerabilities affecting msrc/windows_11_version_24h2.

Total CVEs

845

CISA KEV

40

actively exploited

Public exploits

17

Exploited in wild

14

Severity breakdown

CRITICAL11HIGH588MEDIUM241LOW5

Vulnerabilities

Page 43 of 43

CVE-2022-0001MEDIUMCVSS 4.72024-04-09

CVE-2022-0001 [MEDIUM] CWE-1303 Intel: CVE-2022-0001 Branch History Injection Intel: CVE-2022-0001 Branch History Injection Description: This CVE was assigned by Intel. Please see CVE-2022-0001 on CVE.org for more information. FAQ: Why is this Intel CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in certain processor models offered by Intel and was initially disclosed March 8, 2022. Intel published updates April 9, 2024 and this CVE is being documented in t

CVE-2023-24932MEDIUMCVSS 6.7Exploited2023-05-09

CVE-2023-24932 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. FAQ: How can an attacker successfully exploit this vulnerability? To exploit the vulnerability, an attacker who has physical access or Administra

CVE-2021-45985MEDIUMCVSS 5.52023-04-11

CVE-2021-45985 [HIGH] CWE-1395 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2021-45985 Description: This CVE was assigned by Mitre. Some Microsoft products consume Lau open-source software. The purpose of this document is to attest to the fact that the products listed in the Security Updates table hav

CVE-2020-35538MEDIUMCVSS 5.52022-08-09

CVE-2020-35538 [MEDIUM] CWE-476 A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is th

CVE-2013-3900MEDIUMCVSS 5.5KEV2022-01-11

CVE-2013-3900 [MEDIUM] CWE-347 WinVerifyTrust Signature Validation Vulnerability WinVerifyTrust Signature Validation Vulnerability Description: Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, ex

← Previous43 / 43