CPE Details
Microsoft Windows Server 2019 Datacenter Edition on x64
-
2020-03-04 14:39 +00:00
2020-03-04 14:39 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:datacenter:*:x64:*
Informations
Vendor
microsoftProduct
windows_server_2019Version
-Software Edition
datacenterTarget Hardware
x64Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Windows Perception Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Streaming Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft Streaming Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Winlogon Elevation of Privilege Vulnerability | 5.5 |
MEDIUM |
||
| Winlogon Elevation of Privilege Vulnerability | 5.5 |
MEDIUM |
||
| Windows Themes Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 6.7 |
MEDIUM |
||
| Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows OLE Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 6.8 |
MEDIUM |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.1 |
HIGH |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.8 |
HIGH |
||
| Windows Authentication Elevation of Privilege Vulnerability | 4.3 |
MEDIUM |
||
| SmartScreen Prompt Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | 7.5 |
HIGH |
||
| Internet Shortcut Files Security Feature Bypass Vulnerability | 8.1 |
HIGH |
||
| Windows Printing Service Spoofing Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows DNS Information Disclosure Vulnerability | 7.1 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 5.9 |
MEDIUM |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Kernel Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows USB Generic Parent Driver Remote Code Execution Vulnerability | 6.4 |
MEDIUM |
||
| Trusted Compute Base Elevation of Privilege Vulnerability | 4.1 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows OLE Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 4.6 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.7 |
MEDIUM |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Server Key Distribution Service Security Feature Bypass | 6.1 |
MEDIUM |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Message Queuing Client (MSMQC) Information Disclosure | 6.5 |
MEDIUM |
||
| Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | 4.9 |
MEDIUM |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Microsoft Common Log File System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.1 |
HIGH |
||
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | 8.7 |
HIGH |
||
| Windows TCP/IP Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows libarchive Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Windows CoreMessaging Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Themes Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Message Queuing Client (MSMQC) Information Disclosure | 6.5 |
MEDIUM |
||
| Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows Kerberos Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| BitLocker Security Feature Bypass Vulnerability | 6.6 |
MEDIUM |
||
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | 7.1 |
HIGH |
||
| Windows DNS Spoofing Vulnerability | 7.5 |
HIGH |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Sysmain Service Elevation of Privilege | 7.8 |
HIGH |
||
| DHCP Server Service Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | 7.5 |
HIGH |
||
| XAML Diagnostics Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. | 6.8 |
MEDIUM |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 9.8 |
CRITICAL |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Authentication Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows User Interface Application Core Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Search Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Deployment Services Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows NTFS Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Scripting Engine Memory Corruption Vulnerability | 8.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| ASP.NET Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. | 9.8 |
CRITICAL |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows IIS Server Elevation of Privilege Vulnerability | 9.8 |
CRITICAL |
||
| Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| PrintHTML API Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft WordPad Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Search Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows Deployment Services Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
MEDIUM |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows Kernel Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Setup Files Cleanup Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Deployment Services Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Deployment Services Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Mixed Reality Developer Tools Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Active Directory Domain Services Information Disclosure Vulnerability | 4.4 |
MEDIUM |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Power Management Service Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Named Pipe File System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Runtime Remote Code Execution Vulnerability | 7 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
HIGH |
||
| When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | 7.5 |
HIGH |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 7 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Miracast Wireless Display Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
HIGH |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| ASP.NET Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| .NET Framework Spoofing Vulnerability | 7.4 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows System Assessment Tool Elevation of Privilege Vulnerability | 9.8 |
CRITICAL |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |
MEDIUM |
||
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | 4.7 |
MEDIUM |
||
| Windows Search Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Azure Active Directory Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| USB Audio Class System Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| HTTP.sys Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Failover Cluster Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | 9.8 |
CRITICAL |
||
| Active Template Library Elevation of Privilege Vulnerability | 6.7 |
MEDIUM |
||
| Volume Shadow Copy Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Network Load Balancing Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 9.8 |
CRITICAL |
||
| Windows Netlogon Information Disclosure Vulnerability | 7.4 |
HIGH |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Clip Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 7.5 |
HIGH |
||
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Active Directory Federation Service Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows Geolocation Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Image Acquisition Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft DirectMusic Information Disclosure Vulnerability | 6.2 |
MEDIUM |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CryptoAPI Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Peer Name Resolution Protocol Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows Remote Desktop Protocol Security Feature Bypass | 6.8 |
MEDIUM |
||
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Extended Negotiation Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Authentication Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Transaction Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CDP User Components Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Print Spooler Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Deployment Services Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Deployment Services Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows MSHTML Platform Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| OLE Automation Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Update Orchestrator Service Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Failover Cluster Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
HIGH |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
HIGH |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows CryptoAPI Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Server Service Security Feature Bypass Vulnerability | 7.6 |
HIGH |
||
| Windows SMB Witness Service Security Feature Bypass Vulnerability | 7.1 |
HIGH |
||
| Windows DNS Spoofing Vulnerability | 5.6 |
MEDIUM |
||
| Windows Kernel Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Hyper-V Denial of Service Vulnerability | 5.3 |
MEDIUM |
||
| Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Filtering Platform Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| iSCSI Target WMI Provider Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Authentication Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft Streaming Service Elevation of Privilege Vulnerability | 8.4 |
HIGH |
||
| GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CryptoAPI Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| Unified Write Filter Elevation of Privilege Vulnerability | 6.7 |
MEDIUM |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| HTTP.sys Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 5.9 |
MEDIUM |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.4 |
HIGH |
||
| Windows Bluetooth Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Backup Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows iSCSI Target Service Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Bluetooth Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows NFS Portmapper Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows NTLM Security Support Provider Information Disclosure Vulnerability | 5.9 |
MEDIUM |
||
| Server for NFS Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | 7.5 |
HIGH |
||
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. | 9.8 |
CRITICAL |
||
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. | 9.8 |
CRITICAL |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows Group Policy Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Clip Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Network File System Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Lock Screen Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| Netlogon RPC Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Network Load Balancing Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Kernel Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Lock Screen Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| DHCP Server Service Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Spoofing Vulnerability | 5.5 |
MEDIUM |
||
| Windows Bluetooth Driver Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
HIGH |
||
| Windows Domain Name Service Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows Kernel Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Message Queuing Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 4.3 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Secure Channel Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Accounts Picture Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. | 7.8 |
HIGH |
||
| An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | 5.5 |
MEDIUM |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Denial of Service Vulnerability | 5 |
MEDIUM |
||
| Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 6.2 |
MEDIUM |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Fax Service Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.7 |
MEDIUM |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| NT OS Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 7.4 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Active Directory Domain Services API Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 9.8 |
CRITICAL |
||
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 9.8 |
CRITICAL |
||
| A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 7.8 |
HIGH |
||
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 7.8 |
HIGH |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 5.3 |
MEDIUM |
||
| Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows GDI Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Event Tracing for Windows Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Task Scheduler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows SMB Witness Service Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 9.1 |
CRITICAL |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.6 |
MEDIUM |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| BitLocker Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | 5.3 |
MEDIUM |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Credential Manager User Interface Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Netlogon Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Event Tracing for Windows Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Overlay Filter Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| PowerShell Remote Code Execution Vulnerability | 8.5 |
HIGH |
||
| Windows Fax Compose Form Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Contacts Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Error Reporting Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bluetooth Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.8 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 5.4 |
MEDIUM |
||
| Windows Kernel Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.2 |
HIGH |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Netlogon RPC Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
MEDIUM |
||
| Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kerberos Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Human Interface Device Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| .NET Framework Information Disclosure Vulnerability | 5.8 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 6.4 |
MEDIUM |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
MEDIUM |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
MEDIUM |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Scripting Languages Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Scripting Languages Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows CryptoAPI Spoofing Vulnerability | 7.5 |
HIGH |
||
| Windows NTLM Spoofing Vulnerability | 6.5 |
MEDIUM |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
MEDIUM |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Active Directory Certificate Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Active Directory Certificate Services Security Feature Bypass | 7.5 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Logging Service Denial of Service Vulnerability | 4.3 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows WLAN Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Resilient File System Elevation of Privilege | 7.8 |
HIGH |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 3.3 |
LOW |
||
| Windows DHCP Client Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Storage Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows USB Serial Driver Information Disclosure Vulnerability | 4.3 |
MEDIUM |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 |
MEDIUM |
||
| Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Workstation Service Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Security Support Provider Interface Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows CD-ROM File System Driver Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Server Service Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Web Account Manager Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Enterprise App Management Service Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Event Tracing Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows DNS Server Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 8.2 |
HIGH |
||
| Windows Credential Roaming Service Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Photo Import API Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
MEDIUM |
||
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
MEDIUM |
||
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
MEDIUM |
||
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | 7.1 |
HIGH |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
HIGH |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft ATA Port Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Defender Credential Guard Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | 6 |
MEDIUM |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Fax Service Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows WebBrowser Control Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Defender Credential Guard Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Hyper-V Information Disclosure Vulnerability | 5.7 |
MEDIUM |
||
| Windows Shell Remote Code Execution Vulnerability | 8.4 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Active Directory Federation Services Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Connected Devices Platform Service Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows IIS Server Elevation of Privilege Vulnerability | 7.4 |
HIGH |
||
| Windows Security Account Manager (SAM) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 6.6 |
MEDIUM |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 7.4 |
HIGH |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows BitLocker Information Disclosure Vulnerability | 5.7 |
MEDIUM |
||
| Windows Fax Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| BitLocker Security Feature Bypass Vulnerability | 6.1 |
MEDIUM |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 6.8 |
MEDIUM |
||
| Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | 7.3 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| Performance Counters for Windows Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Network File System Information Disclosure Vulnerability | 5.9 |
MEDIUM |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 4.7 |
MEDIUM |
||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Kerberos AppContainer Security Feature Bypass Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.5 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | 5.3 |
MEDIUM |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows File History Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows iSCSI Discovery Service Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability. | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Print Spooler Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Clustered Shared Volume Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| BitLocker Security Feature Bypass Vulnerability | 4.2 |
MEDIUM |
||
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Push Notifications Apps Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows WLAN AutoConfig Service Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Failover Cluster Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Server Service Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows WLAN AutoConfig Service Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows NTFS Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 8.2 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows LSA Spoofing Vulnerability | 8.1 |
HIGH |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Authentication Information Disclosure Vulnerability | 7.4 |
HIGH |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 4.1 |
MEDIUM |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows PlayToManager Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows File Explorer Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Work Folder Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows AppX Package Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kerberos Remote Code Execution Vulnerability | 8.1 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Server Service Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 8.1 |
HIGH |
||
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Win32 Stream Enumeration Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Remote Desktop Protocol Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows SMB Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows iSCSI Target Service Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Direct Show - Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 8.1 |
HIGH |
||
| Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Local Security Authority (LSA) Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32 File Enumeration Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Win32 Stream Enumeration Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.4 |
MEDIUM |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CD-ROM Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows PDEV Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows NT OS Kernel Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Inking COM Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.2 |
HIGH |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Defender for Endpoint Spoofing Vulnerability | 5.9 |
MEDIUM |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Media Foundation Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Media Foundation Information Disclosure Vulnerability | 3.3 |
LOW |
||
| Windows Hyper-V Denial of Service Vulnerability | 4.7 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Named Pipe File System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 5.6 |
MEDIUM |
||
| Windows Common Log File System Driver Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows User Account Profile Picture Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.9 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Mobile Device Management Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Roaming Security Rights Management Services Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Runtime Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.4 |
MEDIUM |
||
| Workstation Service Remote Protocol Security Feature Bypass Vulnerability | 5.3 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| DirectX Graphics Kernel File Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | 7.5 |
HIGH |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| DirectX Graphics Kernel Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| HTTP Protocol Stack Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Defender Application Control Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Windows GDI Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 8 |
HIGH |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 9 |
CRITICAL |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 4.6 |
MEDIUM |
||
| DirectX Graphics Kernel Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Desktop Protocol Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
MEDIUM |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Modern Execution Server Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Geolocation Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Tile Data Repository Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Security Center API Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Clipboard User Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Devices Human Interface Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Push Notifications Apps Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows System Launcher Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows StateRepository API Server file Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows UI Immersive Server API Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Application Model Core API Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Task Flow Data Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows AppContracts API Server Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Windows Accounts Control Elevation of Privilege Vulnerability | 7 |
HIGH |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Cleanup Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | 6.1 |
MEDIUM |
||
| Windows Certificate Spoofing Vulnerability | 7.8 |
HIGH |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Virtual Machine IDE Drive Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 5.6 |
MEDIUM |
||
| Windows Kernel Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| SymCrypt Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| DirectX Graphics Kernel File Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | 9.8 |
CRITICAL |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | 6.5 |
MEDIUM |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Hello Security Feature Bypass Vulnerability | 6.1 |
MEDIUM |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.5 |
HIGH |
||
| NTFS Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Feedback Hub Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 7.5 |
HIGH |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft COM for Windows Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | 6.8 |
MEDIUM |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows NTFS Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 4.4 |
MEDIUM |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Microsoft Edge (Chrome based) Spoofing on IE Mode | 4.3 |
MEDIUM |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 7.4 |
HIGH |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 4.4 |
MEDIUM |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | 9 |
CRITICAL |
||
| Active Directory Federation Server Spoofing Vulnerability | 5.4 |
MEDIUM |
||
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Active Directory Security Feature Bypass Vulnerability | 4.9 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Media Audio Decoder Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Text Shaping Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Nearby Sharing Elevation of Privilege Vulnerability | 8 |
HIGH |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.7 |
HIGH |
||
| Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 9 |
CRITICAL |
||
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows AD FS Security Feature Bypass Vulnerability | 7.5 |
HIGH |
||
| Windows Installer Spoofing Vulnerability | 5.5 |
MEDIUM |
||
| Rich Text Edit Control Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows exFAT File System Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Print Spooler Spoofing Vulnerability | 8.8 |
HIGH |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system. |
8.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Storage Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Windows Update Client Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| BitLocker Security Feature Bypass Vulnerability | 5.7 |
MEDIUM |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Key Storage Provider Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows SMB Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows SMB Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Installer Denial of Service Vulnerability | 6.1 |
MEDIUM |
||
| Windows SMB Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Authenticode Spoofing Vulnerability | 5.5 |
MEDIUM |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Scripting Engine Memory Corruption Vulnerability | 8.1 |
HIGH |
||
| Windows Update Medic Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows LSA Spoofing Vulnerability | 7.5 |
HIGH |
||
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.5 |
HIGH |
||
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Scripting Engine Memory Corruption Vulnerability | 8.8 |
HIGH |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.9 |
CRITICAL |
||
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652. |
9.8 |
CRITICAL |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Remote Code Execution Vulnerability | 9.9 |
CRITICAL |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows File History Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 9.9 |
CRITICAL |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Scripting Engine Memory Corruption Vulnerability | 8.8 |
HIGH |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| GDI+ Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Font Driver Host Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Remote Assistance Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 7.7 |
HIGH |
||
| Windows DNS Server Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows GDI Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 6.7 |
MEDIUM |
||
| Windows Certificate Spoofing Vulnerability | 8.1 |
HIGH |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
HIGH |
||
| DirectWrite Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Console Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Bowser.sys Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows LSA Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows LSA Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows AF_UNIX Socket Provider Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows SMB Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Authenticode Spoofing Vulnerability | 5.5 |
MEDIUM |
||
| Azure AD Security Feature Bypass Vulnerability | 8.1 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows AD FS Security Feature Bypass Vulnerability | 8.1 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Spoofing Vulnerability | 6.2 |
MEDIUM |
||
| Windows Key Distribution Center Information Disclosure Vulnerability | 5.9 |
MEDIUM |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Media Foundation Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | 9.8 |
CRITICAL |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 8.6 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8 |
HIGH |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows DNS Server Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Windows Secure Kernel Mode Security Feature Bypass Vulnerability | 6.7 |
MEDIUM |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows InstallService Elevation of Privilege Vulnerability | 6.1 |
MEDIUM |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
HIGH |
||
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):
Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527. |
8.8 |
HIGH |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Server for NFS Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 8.6 |
HIGH |
||
| Server for NFS Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows GPSVC Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Server for NFS Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Event Tracing for Windows Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Desktop Services Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Kerberos AppContainer Security Feature Bypass Vulnerability | 9.8 |
CRITICAL |
||
| Windows NTLM Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Scripting Engine Memory Corruption Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Filter Manager Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows DCOM Server Security Feature Bypass | 6.5 |
MEDIUM |
||
| OLE Automation Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows SSDP Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 7.4 |
HIGH |
||
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Bluetooth Driver Spoofing Vulnerability | 7.1 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CSC Service Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 9.9 |
CRITICAL |
||
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Scripting Engine Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | 3.5 |
LOW |
||
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Windows Portmapping Information Disclosure Vulnerability | 7.1 |
HIGH |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows Network File System Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows TCP/IP Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Event Tracing Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows DNS Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Windows AppX Deployment Server Denial of Service Vulnerability | 6.1 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows SMB Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Information Disclosure Vulnerability | 6.5 |
MEDIUM |
||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Media Video Decoder Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | 4.6 |
MEDIUM |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows NTFS Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Application Compatibility Cache Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Media Video Decoder Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 |
MEDIUM |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Azure AD Web Sign-in Security Feature Bypass Vulnerability | 9.8 |
CRITICAL |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Internet Messaging API Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Services and Controller App Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Media Photo Codec Information Disclosure Vulnerability | 5.7 |
MEDIUM |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Overlay Filter Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.7 |
HIGH |
||
| Windows Installer Spoofing Vulnerability | 6.2 |
MEDIUM |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Internet Explorer Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows UPnP Device Host Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows DNS Server Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.2 |
MEDIUM |
||
| Windows Container Execution Agent Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Application Virtualization Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder. To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the FAQ section of this CVE for configuration guidance. |
7.8 |
HIGH |
||
| User Profile Service Denial of Service Vulnerability | 6.1 |
MEDIUM |
||
| Windows Media Photo Codec Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Access API Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Projected File System Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Update Service Elevation of Privilege Vulnerability | 7.1 |
HIGH |
||
| Windows Container Execution Agent Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Windows Virtual Registry Provider Elevation of Privilege Vulnerability | 8.4 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows App-V Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Internet Explorer Memory Corruption Vulnerability | 8.8 |
HIGH |
||
| Windows Event Tracing Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| DirectX Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Update Stack Setup Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows PKU2U Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows DirectX Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Microsoft Defender Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Local Spooler Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Camera Codec Pack Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Mobile Device Management Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows Trust Verification API Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Microsoft Windows Codecs Library Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Fax Service Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Microsoft Windows VMSwitch Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| PFX Encryption Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Microsoft SharePoint Server Spoofing Vulnerability | 8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Fax Service Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Windows Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.7 |
MEDIUM |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows LUAFV Elevation of Privilege Vulnerability | 8.8 |
HIGH |
||
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows (modem.sys) Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows InstallService Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 9.8 |
CRITICAL |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Multipoint Management Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bluetooth Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bluetooth Security Feature Bypass Vulnerability | 5.5 |
MEDIUM |
||
| Windows CryptoAPI Denial of Service Vulnerability | 6.5 |
MEDIUM |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Print Spooler Spoofing Vulnerability | 8.8 |
HIGH |
||
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 8.8 |
HIGH |
||
| Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| GDI+ Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| TPM Device Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Active Template Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Defender Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Microsoft splwow64 Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows WLAN Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Docker Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Bluetooth Security Feature Bypass Vulnerability | 7.7 |
HIGH |
||
| Windows SMB Information Disclosure Vulnerability | 8.1 |
HIGH |
||
| Windows Overlay Filter Security Feature Bypass Vulnerability | 7.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| Windows Lock Screen Security Feature Bypass Vulnerability | 6.8 |
MEDIUM |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows NTFS Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Error Reporting Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 9.9 |
CRITICAL |
||
| Windows Network Connections Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Kerberos Security Feature Bypass Vulnerability | 6.5 |
MEDIUM |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Spoofing Vulnerability | 5.5 |
MEDIUM |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | 9.8 |
CRITICAL |
||
| Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows USO Core Worker Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Delivery Optimization Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows NDIS Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Update Medic Service Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
HIGH |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Microsoft Browser Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Network File System Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Internet Explorer Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
HIGH |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
CRITICAL |
||
| Scripting Engine Memory Corruption Vulnerability | 8.1 |
HIGH |
||
| Windows Network File System Denial of Service Vulnerability | 7.5 |
HIGH |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 8.1 |
HIGH |
||
| Windows KernelStream Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Error Reporting Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 9.8 |
CRITICAL |
||
| Windows Print Configuration Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Canonical Display Driver Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows MSCTF Server Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Port Class Library Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Error Reporting Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
MEDIUM |
||
| DirectX Elevation of Privilege Vulnerability | 7.8 |
HIGH |
||
| Remote Desktop Protocol Server Information Disclosure Vulnerability | 7.7 |
HIGH |
||
A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. |
7.2 |
HIGH |
||
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. |
7.8 |
HIGH |
||
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerabilities by correcting how Windows Hyper-V handles objects in memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows iSCSI Target Service properly handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory. |
7.5 |
HIGH |
||
An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how Group Policy checks access. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles junction points. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application. The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory. |
5.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles these files. |
8.8 |
HIGH |
||
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
7.8 |
HIGH |
||
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. |
7.5 |
HIGH |
||
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. |
5.5 |
MEDIUM |
||
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. |
5.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. To exploit this vulnerability, an attacker would have to log on to an affected system and open a specially crafted file. The update addresses the vulnerability by correcting how Text Services Framework handles objects in memory. |
5.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses. |
5.5 |
MEDIUM |
||
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory. |
7.8 |
HIGH |
||
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows. The security update addresses the vulnerability by correcting security feature behavior to enforce permissions. |
6.2 |
MEDIUM |
||
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. |
7.8 |
HIGH |
||
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. |
7.5 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Event System handles objects in memory. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how a NetBT handles objects in memory. |
5.5 |
MEDIUM |
||
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles process crashes. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. |
7.5 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows KernelStream handles objects in memory. |
5.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage VSP Driver properly handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows UPnP service handles objects in memory. |
7.8 |
HIGH |
||
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcting how TLS components use hash algorithms. |
5.4 |
MEDIUM |
||
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory. |
4.4 |
MEDIUM |
||
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
5.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory. |
7.9 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Function Discovery Service properly handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The security update addresses the vulnerability by checking COM objects. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The updates address the vulnerability by correcting how Windows handles objects in memory. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. |
6.5 |
MEDIUM |
||
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. |
5.5 |
MEDIUM |
||
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries. |
7.5 |
HIGH |
||
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. |
7.5 |
HIGH |
||
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. |
7.5 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how Windows handles calls to Win32k. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. |
6.5 |
MEDIUM |
||
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. |
5.5 |
MEDIUM |
||
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. |
6.5 |
MEDIUM |
||
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. |
8.1 |
HIGH |
||
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory. |
7.8 |
HIGH |
||
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory. |
5.5 |
MEDIUM |
||
An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how DHCP servers initializes memory. |
7.5 |
HIGH |
||
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
5.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user. The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP. |
8.1 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory. |
8.8 |
HIGH |
||
An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections. |
5.5 |
MEDIUM |
||
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
5.5 |
MEDIUM |
||
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode. |
7.8 |
HIGH |
||
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code. The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled. |
6.7 |
MEDIUM |
||
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files. The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files. |
5.5 |
MEDIUM |
||
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
5.5 |
MEDIUM |
||
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. |
5.5 |
MEDIUM |
||
| Microsoft Graphics Component Denial of Service Vulnerability | 5.5 |
MEDIUM |
||
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript. The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory. |
8.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. |
5.5 |
MEDIUM |
||
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (Chromium-based), and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by correcting how the Windows Text Service Module handles memory. |
7.5 |
HIGH |
||
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Modules Installer handles objects in memory. |
7.8 |
HIGH |
||
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests. |
6.5 |
MEDIUM |
||
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests. |
6.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. |
7.8 |
HIGH |
||
An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity). This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls. |
5.5 |
MEDIUM |
||
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. |
7.5 |
HIGH |
||
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
6.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. To exploit this vulnerability, an attacker could send a specially crafted authentication request. This security update corrects how ADFS handles multi-factor authentication requests. |
5.3 |
MEDIUM |
||
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how NTFS checks access. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. |
7.8 |
HIGH |
||
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries. |
7.5 |
HIGH |
||
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory. |
7.8 |
HIGH |
||
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory. |
7.8 |
HIGH |
||
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
8.8 |
HIGH |
||
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
8.8 |
HIGH |
||
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
6.5 |
MEDIUM |
||
An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory. |
7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. | 4.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows handles junctions. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. | 8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory. The security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows Remote Access handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Shell Components handle memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. | 8.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Services handles file operations. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the srmsvc.dll properly handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. | 10 |
CRITICAL |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows handles hard links. | 10 |
CRITICAL |
||
| An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. | 7.8 |
HIGH |
||
| A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerability by correcting how RD Gateway handles connection requests. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. | 7.8 |
HIGH |
||
| GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. | 6.4 |
MEDIUM |
||
| GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. | 6.4 |
MEDIUM |
||
| Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. | 6.4 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. | 4.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. | 5.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. | 4.3 |
MEDIUM |
||
| An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1393. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1336. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly., aka 'Windows Lockscreen Elevation of Privilege Vulnerability'. | 6.8 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1395. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1394. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394, CVE-2020-1395. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1392, CVE-2020-1394, CVE-2020-1395. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1365. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1405. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1362. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1430. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10 |
CRITICAL |
||
| An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1362, CVE-2020-1369. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
HIGH |
||
| This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | 4.9 |
MEDIUM |
||
| A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306. | 7.8 |
HIGH |
||
| An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1162. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'. | 5.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1302. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1222. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1334. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1306, CVE-2020-1334. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1312. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.The update addresses the vulnerability by correcting how Windows handles cabinet files., aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1302, CVE-2020-1312. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. | 5.3 |
MEDIUM |
||
| A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1120. | 7.1 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238. | 8.8 |
HIGH |
||
| A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | 6.1 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1309. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory, aka 'Windows Now Playing Session Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1324. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 8.1 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1054. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1165, CVE-2020-1166. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 9.9 |
CRITICAL |
||
| A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1109. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1121, CVE-2020-1165, CVE-2020-1166. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1110. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1114. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082. | 7.8 |
HIGH |
||
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1068. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerability'. | 6.8 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1079. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script Runtime Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092. | 7.5 |
HIGH |
||
| A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 8.1 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143. | 7.8 |
HIGH |
||
| A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'. | 6.1 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0942, CVE-2020-0944. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1006. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1011. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1011, CVE-2020-1015. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1015. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-0987. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1017. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1027. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1006, CVE-2020-1017. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0985. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-1008. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0996. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-1005. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0987, CVE-2020-1005. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0966. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0967. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0699. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0957. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0957, CVE-2020-0958. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0949. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0949, CVE-2020-0950. | 8.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0950. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0946, CVE-2020-0947. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0947. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0942, CVE-2020-1029. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1001, CVE-2020-1006, CVE-2020-1017. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944, CVE-2020-1029. | 7.1 |
HIGH |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0939, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0983, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0918. | 6.8 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0917. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.4 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1000, CVE-2020-1003, CVE-2020-1027. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0888. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. | 4.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0776. | 7.8 |
HIGH |
||
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0858. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0806. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0769. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0762. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 9.8 |
CRITICAL |
||
| A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0754. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0753. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0659. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0755, CVE-2020-0756. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0737. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0739. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0752. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726. | 7.8 |
HIGH |
||
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0716. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0745, CVE-2020-0792. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows IME improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows IME Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. | 4.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Wireless Network Manager improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Wireless Network Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Client License Service (ClipSVC) handles objects in memory, aka 'Windows Client License Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0680. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0680, CVE-2020-0682. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0671, CVE-2020-0672. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0672. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0671. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0735, CVE-2020-0752. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 4.2 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | 8.1 |
HIGH |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0747. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. | 5.9 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | 9.8 |
CRITICAL |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'. | 6 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | 4.4 |
MEDIUM |
||
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639. | 5.5 |
MEDIUM |
||
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610. | 9.8 |
CRITICAL |
||
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609. | 9.8 |
CRITICAL |
||
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. | 8.8 |
HIGH |
||
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 8.1 |
HIGH |
||
| A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | 3.3 |
LOW |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.2 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. | 6.5 |
MEDIUM |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | 10 |
CRITICAL |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429. | 7.5 |
HIGH |
||
| A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. | 8.1 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383. | 7.8 |
HIGH |
||
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 3.3 |
LOW |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | 7 |
HIGH |
||
| A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 4.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397. | 8.4 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310. | 6.2 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398. | 8.4 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 9.9 |
CRITICAL |
||
| An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417. | 7.8 |
HIGH |
||
| A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | 5.3 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399. | 6.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. | 9.1 |
CRITICAL |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. | 9.1 |
CRITICAL |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399. | 6.8 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334. | 5.5 |
MEDIUM |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347. | 6.5 |
MEDIUM |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'. | 9.9 |
CRITICAL |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335. | 7.5 |
HIGH |
||
| A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | 4.6 |
MEDIUM |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'. | 5.9 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | 5.9 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. | 6.4 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | 7.3 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. | 8.8 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 4.9 |
MEDIUM |
||
| An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | 4.6 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1278. | 7.8 |
HIGH |
||
| An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269. | 7.8 |
HIGH |
||
| A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | 5.4 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM. | 5.6 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
MEDIUM |
||
| An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the SyncController.dll handles processes these requests. | 6.5 |
MEDIUM |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. | 7.5 |
HIGH |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. | 9.8 |
CRITICAL |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | 9.8 |
CRITICAL |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | 9.8 |
CRITICAL |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory. | 7 |
HIGH |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | 9.8 |
CRITICAL |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | 9.8 |
CRITICAL |
||
| This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting unprotected COM calls. | 6.7 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory. | 7 |
HIGH |
||
| A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system. The security update addresses the vulnerability by correcting the processing of shortcut LNK references. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft browsers handle different-origin requests. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. | 6.4 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC. | 7.8 |
HIGH |
||
| A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
HIGH |
||
| An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the p2pimsvc service handles processes these requests. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability through a software change to the OAEP decoding operations. | 5.6 |
MEDIUM |
||
| An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing the attacker to steal the user's token. The security update addresses the vulnerability by correcting how MSA handles cookies. | 4.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory. | 7 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic. | 8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
MEDIUM |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. | 7.6 |
HIGH |
||
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The update addresses the vulnerability by modifying how Microsoft Edge based on Edge HTML handles objects in memory. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory. | 5.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128. | 8.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | 5.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088. | 7.8 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088. | 7.8 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests., aka 'Windows RPCSS Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059. | 7.5 |
HIGH |
||
| An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1082. | 5.5 |
MEDIUM |
||
| A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures., aka 'SymCrypt Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126. | 6.3 |
MEDIUM |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 9.8 |
CRITICAL |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1052. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'. | 8.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1041. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0990. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1051, CVE-2019-1052. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1027, CVE-2019-1028. | 7.8 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1028. | 7.8 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | 5.9 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1065. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'. | 6.8 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system, aka 'Windows Secure Kernel Mode Security Feature Bypass Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1023. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0983. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1055, CVE-2019-1080. | 7.5 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1017. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1014. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 8.5 |
HIGH |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0711, CVE-2019-0713. | 6.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0713. | 6.8 |
MEDIUM |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0711. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0709. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0909, CVE-2019-0974. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0974. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0988, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. | 7.5 |
HIGH |
||
| A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0984. | 7.8 |
HIGH |
||
| This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0998. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0959. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0709, CVE-2019-0722. | 8.4 |
HIGH |
||
| A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0937. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 9 |
CRITICAL |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry, aka 'Unified Write Filter Elevation of Privilege Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0911. | 7.5 |
HIGH |
||
| An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0933, CVE-2019-0937. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0961. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0911, CVE-2019-0918. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0901, CVE-2019-0902. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0902. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'. | 7 |
HIGH |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 9.8 |
CRITICAL |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | 5.3 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0936. | 8.1 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961. | 6.5 |
MEDIUM |
||
| A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 7.2 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838. | 4.4 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0844. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0802. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0849. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862. | 7.5 |
HIGH |
||
| A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'. | 9.8 |
CRITICAL |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782. | 4.7 |
MEDIUM |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768. | 6.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782. | 5.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
HIGH |
||
| A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726. | 9.8 |
CRITICAL |
||
| A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726. | 9.8 |
CRITICAL |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695. | 6.8 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821. | 6.5 |
MEDIUM |
||
| A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698. | 9.8 |
CRITICAL |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 6.8 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701. | 6.8 |
MEDIUM |
||
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0693, CVE-2019-0694. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0694. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693. | 7.8 |
HIGH |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701. | 6.8 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0774. | 6.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 5.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0592. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0599, CVE-2019-0625. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0625. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601. | 4.7 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600. | 4.7 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0660, CVE-2019-0664. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599. | 7.8 |
HIGH |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 9.8 |
CRITICAL |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633. | 8.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0645, CVE-2019-0650. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6.2 |
MEDIUM |
||
| An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'. | 5.5 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka 'Windows Defender Firewall Security Feature Bypass Vulnerability'. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 5.9 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0650. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka Scripting Engine Information Disclosure Vulnerability. This CVE ID is unique from CVE-2019-0658. | 4.3 |
MEDIUM |
||
| A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'. | 8.1 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0645. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0652, CVE-2019-0655. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0655. | 7.5 |
HIGH |
||
| A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing Vulnerability'. | 4.3 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7 |
HIGH |
||
| A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. | 5.9 |
MEDIUM |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. | 7 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0664. | 6.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2019-0551. | 8.4 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550. | 8.4 |
HIGH |
||
| An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | 8.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. | 9.8 |
CRITICAL |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8596. | 6.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595. | 6.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8624, CVE-2018-8629. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. | 9.8 |
CRITICAL |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft Text-To-Speech Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 5.5 |
MEDIUM |
||
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 10, Windows Server 2019. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
HIGH |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 10, Windows Server 2019. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 5.3 |
MEDIUM |
||
| An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 5.5 |
MEDIUM |
||
| An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | 9.8 |
CRITICAL |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
HIGH |
||
| An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | 4.3 |
MEDIUM |
||
| A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 5.4 |
MEDIUM |
||
| A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | 4.3 |
MEDIUM |
||
| A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 4.6 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. | 7.5 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019. | 6.4 |
MEDIUM |
||
| Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted. | 7.5 |
HIGH |
||
| A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 4.3 |
MEDIUM |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
HIGH |
||
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008. | 7.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509. | 7.5 |
HIGH |
||
| An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482. | 3.1 |
LOW |
||
| An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481. | 3.1 |
LOW |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
HIGH |
||
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490. | 8.4 |
HIGH |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2018-8489. | 8.4 |
HIGH |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460. | 7.5 |
HIGH |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 5.3 |
MEDIUM |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
HIGH |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | 7.5 |
HIGH |
||
| An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 5.5 |
MEDIUM |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513. | 7.5 |
HIGH |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511. | 7.5 |
HIGH |
||
| The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | 7.6 |
2024©
tesweb SA
