CPE Details
Microsoft Windows 10 20H2
20h2
2021-10-14
13h04 +00:00
13h04 +00:00
2022-12-02
16h24 +00:00
16h24 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
Informations
Vendor
microsoftProduct
windows_10Version
20h2Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Service Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | 3.3 |
Low |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Overlay Filter Information Disclosure Vulnerability | 4.7 |
Medium |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Medium |
||
| PowerShell Remote Code Execution Vulnerability | 8.5 |
High |
||
| Windows Fax Compose Form Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Contacts Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Error Reporting Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Bluetooth Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Denial of Service Vulnerability | 6.5 |
Medium |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Kerberos Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Human Interface Device Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | 7.5 |
High |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 6.4 |
Medium |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
Medium |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Medium |
||
| BitLocker Security Feature Bypass Vulnerability | 4.6 |
Medium |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Scripting Languages Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Session Manager (LSM) Denial of Service Vulnerability | 7.7 |
High |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Resilient File System Elevation of Privilege | 7.8 |
High |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 3.3 |
Low |
||
| Windows DHCP Client Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Storage Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows USB Serial Driver Information Disclosure Vulnerability | 4.3 |
Medium |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 |
Medium |
||
| Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Workstation Service Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
High |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Security Support Provider Interface Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows CD-ROM File System Driver Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Server Service Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Web Account Manager Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Event Tracing Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Secure Channel Denial of Service Vulnerability | 8.2 |
High |
||
| Windows Credential Roaming Service Elevation of Privilege Vulnerability | 7.3 |
High |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Photo Import API Elevation of Privilege Vulnerability | 7 |
High |
||
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
Medium |
||
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
Medium |
||
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
Medium |
||
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | 7.1 |
High |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | 6 |
Medium |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Fax Service Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows WebBrowser Control Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Bluetooth Service Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Defender Credential Guard Information Disclosure Vulnerability | 4.7 |
Medium |
||
| Xbox Live Save Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows BitLocker Information Disclosure Vulnerability | 5.7 |
Medium |
||
| Windows Fax Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| BitLocker Security Feature Bypass Vulnerability | 6.1 |
Medium |
||
| Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | 6.5 |
Medium |
||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Kerberos AppContainer Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | 5.3 |
Medium |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows File History Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | 7.5 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET Framework Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Print Spooler Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
High |
||
| BitLocker Security Feature Bypass Vulnerability | 4.2 |
Medium |
||
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
High |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows File Explorer Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Work Folder Service Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows AppX Package Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kerberos Remote Code Execution Vulnerability | 8.1 |
High |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Server Service Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Win32 Stream Enumeration Remote Code Execution Vulnerability | 7.5 |
High |
||
| Remote Desktop Protocol Remote Code Execution Vulnerability | 8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows SMB Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows iSCSI Target Service Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Direct Show Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32 File Enumeration Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
High |
||
| Win32 Stream Enumeration Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7 |
High |
||
| Win32 File Enumeration Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.4 |
Medium |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows PDEV Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NT OS Kernel Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Inking COM Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7 |
High |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.2 |
High |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Defender for Endpoint Spoofing Vulnerability | 5.9 |
Medium |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 6.5 |
Medium |
||
| Media Foundation Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
High |
||
| Media Foundation Information Disclosure Vulnerability | 3.3 |
Low |
||
| Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability | 7 |
High |
||
| Windows Cleanup Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Certificate Spoofing Vulnerability | 7.8 |
High |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Virtual Machine IDE Drive Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 6.5 |
Medium |
||
| Windows Hello Security Feature Bypass Vulnerability | 6.1 |
Medium |
||
| Windows Feedback Hub Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
High |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft COM for Windows Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows NTFS Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 4.4 |
Medium |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Denial of Service Vulnerability | 7.5 |
High |
||
| Microsoft Edge (Chrome based) Spoofing on IE Mode | 4.3 |
Medium |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 7.4 |
High |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 4.4 |
Medium |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Console Window Host Security Feature Bypass Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Media Audio Decoder Remote Code Execution Vulnerability | 7.8 |
High |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
High |
||
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Bind Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Storage Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Windows Update Client Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| BitLocker Security Feature Bypass Vulnerability | 5.7 |
Medium |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Key Storage Provider Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows SMB Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows SMB Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Installer Denial of Service Vulnerability | 6.1 |
Medium |
||
| Windows SMB Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Authenticode Spoofing Vulnerability | 5.5 |
Medium |
||
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Scripting Engine Memory Corruption Vulnerability | 8.1 |
High |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.5 |
High |
||
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Scripting Engine Memory Corruption Vulnerability | 8.8 |
High |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.9 |
Critical |
||
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652. |
9.8 |
Critical |
||
| Windows Hello Security Feature Bypass Vulnerability | 6.1 |
Medium |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows File History Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
High |
||
| GDI+ Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Font Driver Host Remote Code Execution Vulnerability | 7.8 |
High |
||
| Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Kernel Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Remote Assistance Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 7.7 |
High |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows GDI Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 6.7 |
Medium |
||
| Windows Certificate Spoofing Vulnerability | 8.1 |
High |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
High |
||
| DirectWrite Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Console Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Bowser.sys Denial of Service Vulnerability | 7.5 |
High |
||
| Windows LSA Denial of Service Vulnerability | 7.5 |
High |
||
| Windows AF_UNIX Socket Provider Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows SMB Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Authenticode Spoofing Vulnerability | 5.5 |
Medium |
||
| Azure AD Security Feature Bypass Vulnerability | 8.1 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Installer Spoofing Vulnerability | 6.2 |
Medium |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Media Foundation Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | 9.8 |
Critical |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows InstallService Elevation of Privilege Vulnerability | 6.1 |
Medium |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
High |
||
| Server for NFS Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows Hyper-V Denial of Service Vulnerability | 8.6 |
High |
||
| Server for NFS Information Disclosure Vulnerability | 7.5 |
High |
||
| Windows GPSVC Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Server for NFS Denial of Service Vulnerability | 7.5 |
High |
||
| Event Tracing for Windows Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | 5.5 |
Medium |
||
| Windows Remote Desktop Services Denial of Service Vulnerability | 7.5 |
High |
||
| Kerberos AppContainer Security Feature Bypass Vulnerability | 9.8 |
Critical |
||
| Windows Bind Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows NTLM Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Scripting Engine Memory Corruption Vulnerability | 7.8 |
High |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows SMB Client Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| OLE Automation Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows SSDP Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Desktop Bridge Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 7.4 |
High |
||
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Bluetooth Driver Spoofing Vulnerability | 7.1 |
High |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CSC Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | 8.8 |
High |
||
| Scripting Engine Memory Corruption Vulnerability | 7.5 |
High |
||
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | 3.5 |
Low |
||
| Windows Portmapping Information Disclosure Vulnerability | 7.1 |
High |
||
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 |
Medium |
||
| Windows Network File System Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows TCP/IP Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Event Tracing Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows DNS Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows AppX Deployment Server Denial of Service Vulnerability | 6.1 |
Medium |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows SMB Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Windows SMB Information Disclosure Vulnerability | 7.5 |
High |
||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows DNS Information Disclosure Vulnerability | 6.5 |
Medium |
||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Media Video Decoder Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | 4.6 |
Medium |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NTFS Denial of Service Vulnerability | 6.5 |
Medium |
||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Application Compatibility Cache Denial of Service Vulnerability | 6.5 |
Medium |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Media Video Decoder Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 |
Medium |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Azure AD Web Sign-in Security Feature Bypass Vulnerability | 9.8 |
Critical |
||
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Internet Messaging API Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Services and Controller App Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Media Photo Codec Information Disclosure Vulnerability | 5.7 |
Medium |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Overlay Filter Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.7 |
High |
||
| Windows Installer Spoofing Vulnerability | 6.2 |
Medium |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.2 |
Medium |
||
| Windows Container Execution Agent Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7.8 |
High |
||
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder. To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the FAQ section of this CVE for configuration guidance. |
7.8 |
High |
||
| User Profile Service Denial of Service Vulnerability | 6.1 |
Medium |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Media Photo Codec Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Access API Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 8.8 |
High |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| OpenType Font Parsing Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows ActiveX Installer Service Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Service Elevation of Privilege Vulnerability | 7.1 |
High |
||
| Windows Container Execution Agent Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Windows Virtual Registry Provider Elevation of Privilege Vulnerability | 8.4 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows App-V Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Information Disclosure Vulnerability | 5.5 |
Medium |
||
| DirectX Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Error Reporting Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Stack Setup Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows PKU2U Elevation of Privilege Vulnerability | 7.8 |
High |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
High |
||
| Windows DirectX Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
High |
||
| Microsoft Defender Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Local Spooler Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Camera Codec Pack Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
High |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Mobile Device Management Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | 6.5 |
Medium |
||
| Windows Trust Verification API Denial of Service Vulnerability | 6.5 |
Medium |
||
| Microsoft Windows Codecs Library Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Fax Service Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Microsoft Windows VMSwitch Denial of Service Vulnerability | 6.8 |
Medium |
||
| Windows Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
High |
||
| PFX Encryption Security Feature Bypass Vulnerability | 5.5 |
Medium |
||
| Microsoft SharePoint Server Spoofing Vulnerability | 8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Fax Service Remote Code Execution Vulnerability | 9.8 |
Critical |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.7 |
Medium |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows LUAFV Elevation of Privilege Vulnerability | 8.8 |
High |
||
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | 7.5 |
High |
||
| Windows Event Logging Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows (modem.sys) Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows InstallService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 9.8 |
Critical |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.7 |
High |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Multipoint Management Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key | 5.5 |
Medium |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key | 5.5 |
Medium |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CryptoAPI Denial of Service Vulnerability | 6.5 |
Medium |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Print Spooler Spoofing Vulnerability | 8.8 |
High |
||
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 8.8 |
High |
||
| Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| GDI+ Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| TPM Device Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Active Template Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft splwow64 Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WLAN Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Docker Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key | 7.7 |
High |
||
| Windows DNS Query Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NTFS Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Error Reporting Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Network Connections Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Spoofing Vulnerability | 5.5 |
Medium |
||
| Windows Camera Codec Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows USO Core Worker Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Delivery Optimization Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows NDIS Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Update Medic Service Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
High |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Microsoft Browser Memory Corruption Vulnerability | 7.5 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Network File System Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Internet Explorer Memory Corruption Vulnerability | 7.5 |
High |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
High |
||
| Scripting Engine Memory Corruption Vulnerability | 8.1 |
High |
||
| Windows Network File System Denial of Service Vulnerability | 7.5 |
High |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 8.1 |
High |
||
| Windows KernelStream Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Error Reporting Denial of Service Vulnerability | 5.5 |
Medium |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 9.8 |
Critical |
||
| Windows Print Configuration Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Canonical Display Driver Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows MSCTF Server Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Port Class Library Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Error Reporting Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Medium |
||
| DirectX Elevation of Privilege Vulnerability | 7.8 |
High |
||
| Windows WalletService Information Disclosure Vulnerability | 5.5 |
Medium |
||
| Remote Desktop Protocol Server Information Disclosure Vulnerability | 7.7 |
High |
||
| Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 6.5 |
Medium |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588. | 7.5 |
High |
||
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | 4.3 |
Medium |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. | 7.5 |
High |
||
| Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | 8.1 |
High |
||
| An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 4.2 |
Medium |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | 4.3 |
Medium |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390. | 7.5 |
High |
||
| Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | 9.8 |
Critical |
||
| In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. | 7.8 |
High |
||
| On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 7.2 |
High |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975. | 5.5 |
Medium |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974. | 5.5 |
Medium |
||
| An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | 7.8 |
High |
||
| A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. | 9.8 |
Critical |
||
| A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution. | 9.8 |
Critical |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. | 3.1 |
Low |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | 3.1 |
Low |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
High |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
High |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
High |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
High |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7.8 |
High |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. | 4.7 |
Medium |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | 5.5 |
Medium |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
High |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | 6.1 |
Medium |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. | 4.7 |
Medium |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
High |
||
| A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | 7.8 |
High |
||
| Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys. | 5.5 |
Medium |
||
| Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability". | 7.8 |
High |
||
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528. | 8.8 |
High |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. | 7.8 |
High |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | 5.5 |
Medium |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540. | 7.8 |
High |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | 5.5 |
Medium |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | 4.7 |
Medium |
||
| Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | 5.5 |
Medium |
||
| A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." | 4.7 |
Medium |
||
| An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability." | 7 |
High |
||
| An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." | 7.5 |
High |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181. | 7.6 |
High |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181. | 7.6 |
High |
||
| An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." | 8.1 |
High |
||
| An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability." | 5.5 |
Medium |
||
| A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.4 |
Medium |
||
| A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.8 |
Medium |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181. | 7.6 |
High |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180. | 7.6 |
High |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.8 |
Medium |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.8 |
Medium |
||
| A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186. | 5.4 |
Medium |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186. | 5.8 |
Medium |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185. | 5.8 |
Medium |
||
| A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189. | 3.3 |
Low |
||
| An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188. | 7.8 |
High |
||
| A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability." | 5.8 |
Medium |
||
| The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability." | 4.3 |
Medium |
||
| An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability." | 5.5 |
Medium |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution. | 7.8 |
High |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution. | 9.8 |
Critical |
||
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution. | 7.8 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | 7.8 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. | 5.4 |
Medium |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099. | 5.4 |
Medium |
||
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | 8.8 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099. | 5.4 |
Medium |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151. | 7.5 |
High |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0150. | 7.5 |
High |
||
| Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. | 8.8 |
High |
||
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. | 9.8 |
Critical |
||
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201. | 5.5 |
Medium |
||
| GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169. | 6.5 |
Medium |
||
| GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability." | 8.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196. | 7.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196. | 7.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0196. | 7.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability." | 3.3 |
Low |
||
| dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability." | 7.8 |
High |
||
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174. | 7.8 |
High |
||
| dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." | 7.8 |
High |
||
| Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. | 8.8 |
High |
||
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." | 9.3 |
Critical |
||
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | 7.1 |
High |
||
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | 7.1 |
High |
||
| The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048 and CVE-2015-6049. | 8.1 |
High |
2025©
tesweb SA
