CPE Details
Microsoft Windows Server 2016 Standard Edition on X64
-
2019-05-07
10h12 +00:00
10h12 +00:00
2021-06-24
14h44 +00:00
14h44 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:o:microsoft:windows_server_2016:-:-:*:*:standard:*:x64:*
Informations
Vendor
microsoftProduct
windows_server_2016Version
-Update
-Software Edition
standardTarget Hardware
x64Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Core Messaging Elevation of Privileges Vulnerability | 7 |
Haute |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Core Messaging Elevation of Privileges Vulnerability | 7 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Denial of Service Vulnerability | 5.9 |
Moyen |
||
| Windows Remote Desktop Configuration Service Tampering Vulnerability | 6.8 |
Moyen |
||
| Windows Deployment Services Denial of Service Vulnerability | 6 |
Moyen |
||
| Windows NTFS Elevation of Privilege Vulnerability | 3.3 |
Bas |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Digest Authentication Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Digest Authentication Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CSC Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.6 |
Moyen |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Smart Card Reader Information Disclosure Vulnerability | 2.4 |
Bas |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
Moyen |
||
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows MapUrlToZone Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Event Tracing Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| IP Helper Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 5.9 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.6 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 6.1 |
Moyen |
||
| Active Directory Federation Server Spoofing Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
Haute |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Moyen |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Moyen |
||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 6.2 |
Moyen |
||
| Windows NTLM Spoofing Vulnerability | 6.5 |
Moyen |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
Haute |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows SmartScreen Spoofing Vulnerability | 6.5 |
Moyen |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Geolocation Service Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Kerberos Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows OLE Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| BranchCache Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft Digest Authentication Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows COM Server Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft COM for Windows Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows COM Server Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 4.3 |
Moyen |
||
| MapUrlToZone Security Feature Bypass Vulnerability | 4.3 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows WLAN AutoConfig Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Digital Media Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Information Disclosure Vulnerability | 5.9 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.6 |
Moyen |
||
| Windows BitLocker Information Disclosure Vulnerability | 4.2 |
Moyen |
||
| Windows BitLocker Information Disclosure Vulnerability | 4.2 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.4 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows File Explorer Information Disclosure Vulnerability | 6.8 |
Moyen |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Input Method Editor (IME) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Task Scheduler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| WmsRepair Service Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Domain Name Service Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Task Scheduler Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Active Directory Certificate Services Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Package Library Manager Information Disclosure Vulnerability | 6.2 |
Moyen |
||
| Windows Registry Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows KDC Proxy Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| NTLM Hash Disclosure Spoofing Vulnerability | 6.5 |
Moyen |
||
| Windows DNS Spoofing Vulnerability | 7.5 |
Haute |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows Client-Side Caching Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Windows USB Video Class System Driver Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows NT OS Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Winlogon Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Management Console Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| NT OS Kernel Elevation of Privilege Vulnerability | 7.4 |
Haute |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Secure Channel Spoofing Vulnerability | 7.4 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Denial of Service Vulnerability | 5 |
Moyen |
||
| Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Services Tampering Vulnerability | 7.4 |
Haute |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Netlogon Elevation of Privilege Vulnerability | 9 |
Critique |
||
| BranchCache Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows MSHTML Platform Spoofing Vulnerability | 8.1 |
Haute |
||
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Remote Registry Service Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | 7.5 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 6.4 |
Moyen |
||
| BranchCache Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Security Zone Mapping Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows MSHTML Platform Spoofing Vulnerability | 8.8 |
Haute |
||
| Windows Networking Information Disclosure Vulnerability | 7.7 |
Haute |
||
| Windows Remote Desktop Licensing Service Spoofing Vulnerability | 9.8 |
Critique |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 7.1 |
Haute |
||
| Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft AllJoyn API Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.2 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Networking Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Networking Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Networking Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Moyen |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Authentication Information Disclosure Vulnerability | 6.2 |
Moyen |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 9.8 |
Critique |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows DNS Spoofing Vulnerability | 7.5 |
Haute |
||
| Windows Initial Machine Configuration Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows OLE Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 7.5 |
Haute |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | 4.2 |
Moyen |
||
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Deployment Services Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Scripting Engine Memory Corruption Vulnerability | 7.5 |
Haute |
||
| Windows Network Virtualization Remote Code Execution Vulnerability | 9.1 |
Critique |
||
| Windows Network Virtualization Remote Code Execution Vulnerability | 9.1 |
Critique |
||
| Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems. If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems. If there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202 | 7.3 |
Haute |
||
| Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Update: August 13, 2024 Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562. Details: A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn. The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS. Microsoft is developing a security... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302 | 6.7 |
Moyen |
||
| Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue | 7.8 |
Haute |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 5.9 |
Moyen |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows Enroll Engine Security Feature Bypass Vulnerability | 7 |
Haute |
||
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| BitLocker Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Workstation Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| DHCP Server Service Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| PowerShell Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
Moyen |
||
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Line Printer Daemon Service Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8.4 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
Moyen |
||
| Windows MultiPoint Services Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows MSHTML Platform Spoofing Vulnerability | 7.5 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows File Explorer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WS-Discovery Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows Imaging Component Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Filtering Platform Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Image Acquisition Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | 6.7 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Windows iSCSI Service Denial of Service Vulnerability | 5.3 |
Moyen |
||
| Windows Cryptographic Services Security Feature Bypass Vulnerability | 7.5 |
Haute |
||
| Windows NTLM Spoofing Vulnerability | 7.1 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Streaming Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Winlogon Elevation of Privilege Vulnerability | 5.5 |
Moyen |
||
| Winlogon Elevation of Privilege Vulnerability | 5.5 |
Moyen |
||
| Windows Themes Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 6.7 |
Moyen |
||
| Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows OLE Remote Code Execution Vulnerability | 8 |
Haute |
||
| Windows Container Manager Service Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 4.7 |
Moyen |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 5.5 |
Moyen |
||
| Windows Deployment Services Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Moyen |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| DHCP Server Service Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DWM Core Library Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.1 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows Authentication Elevation of Privilege Vulnerability | 4.3 |
Moyen |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Cryptographic Services Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows Distributed File System (DFS) Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Proxy Driver Spoofing Vulnerability | 6.7 |
Moyen |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Mobile Hotspot Information Disclosure Vulnerability | 5 |
Moyen |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| DHCP Server Service Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| DHCP Server Service Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.4 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Windows Kerberos Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.2 |
Moyen |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 8.4 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.3 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 7.5 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.4 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.1 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Install Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows rndismp6.sys Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows rndismp6.sys Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| .NET Framework Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Kerberos Security Feature Bypass Vulnerability | 7.5 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | 6.4 |
Moyen |
||
| Windows USB Hub Driver Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | 7.5 |
Haute |
||
| Windows Printing Service Spoofing Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DNS Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Security Feature Bypass Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 5.9 |
Moyen |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows OLE Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 4.6 |
Moyen |
||
| Windows Themes Spoofing Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.7 |
Moyen |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Message Queuing Client (MSMQC) Information Disclosure | 6.5 |
Moyen |
||
| Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | 4.9 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Microsoft Common Log File System Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.1 |
Haute |
||
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | 9.8 |
Critique |
||
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | 8.7 |
Haute |
||
| Windows TCP/IP Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows CoreMessaging Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Themes Information Disclosure Vulnerability | 4.7 |
Moyen |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Message Queuing Client (MSMQC) Information Disclosure | 6.5 |
Moyen |
||
| Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8 |
Haute |
||
| Windows Kerberos Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 6.6 |
Moyen |
||
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | 7.1 |
Haute |
||
| Windows DNS Spoofing Vulnerability | 7.5 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| DHCP Server Service Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | 7.5 |
Haute |
||
| XAML Diagnostics Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 9.8 |
Critique |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows User Interface Application Core Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Search Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Deployment Services Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows NTFS Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Scripting Engine Memory Corruption Vulnerability | 8.8 |
Haute |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 8 |
Haute |
||
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| ASP.NET Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows IIS Server Elevation of Privilege Vulnerability | 9.8 |
Critique |
||
| Windows TCP/IP Information Disclosure Vulnerability | 7.5 |
Haute |
||
| PrintHTML API Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft WordPad Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Search Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Deployment Services Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Moyen |
||
| Windows upnphost.dll Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.3 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 8 |
Haute |
||
| Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Deployment Services Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Deployment Services Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Mixed Reality Developer Tools Denial of Service Vulnerability | 7.5 |
Haute |
||
| Active Directory Domain Services Information Disclosure Vulnerability | 4.4 |
Moyen |
||
| Windows Power Management Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Named Pipe File System Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Runtime Remote Code Execution Vulnerability | 7 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
Haute |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 7 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Miracast Wireless Display Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
Haute |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| DHCP Server Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| ASP.NET Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| .NET Framework Spoofing Vulnerability | 7.4 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Cryptographic Services Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows System Assessment Tool Elevation of Privilege Vulnerability | 9.8 |
Critique |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Security Feature Bypass Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |
Moyen |
||
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | 4.7 |
Moyen |
||
| Windows Search Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Azure Active Directory Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| USB Audio Class System Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Failover Cluster Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Active Template Library Elevation of Privilege Vulnerability | 6.7 |
Moyen |
||
| Volume Shadow Copy Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Network Load Balancing Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 9.8 |
Critique |
||
| Windows Netlogon Information Disclosure Vulnerability | 7.4 |
Haute |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Clip Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 7.5 |
Haute |
||
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Active Directory Federation Service Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows Image Acquisition Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft DirectMusic Information Disclosure Vulnerability | 6.2 |
Moyen |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CryptoAPI Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Peer Name Resolution Protocol Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Remote Desktop Protocol Security Feature Bypass | 6.8 |
Moyen |
||
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Extended Negotiation Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Authentication Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Transaction Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Deployment Services Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Deployment Services Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows MSHTML Platform Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| OLE Automation Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Update Orchestrator Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Failover Cluster Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET and Visual Studio Denial of Service Vulnerability | 7.5 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 7.5 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Server Service Security Feature Bypass Vulnerability | 7.6 |
Haute |
||
| Windows SMB Witness Service Security Feature Bypass Vulnerability | 7.1 |
Haute |
||
| Windows DNS Spoofing Vulnerability | 5.6 |
Moyen |
||
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Filtering Platform Elevation of Privilege Vulnerability | 7 |
Haute |
||
| iSCSI Target WMI Provider Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Authentication Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Streaming Service Elevation of Privilege Vulnerability | 8.4 |
Haute |
||
| GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| DHCP Server Service Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Unified Write Filter Elevation of Privilege Vulnerability | 6.7 |
Moyen |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| HTTP.sys Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 5.9 |
Moyen |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows OLE Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Driver Revocation List Security Feature Bypass Vulnerability | 5.5 |
Moyen |
||
| Secure Boot Security Feature Bypass Vulnerability | 6.7 |
Moyen |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Word Security Feature Bypass Vulnerability | 7.5 |
Haute |
||
| Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.4 |
Haute |
||
| Windows Bluetooth Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Backup Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows iSCSI Target Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows NFS Portmapper Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows NTLM Security Support Provider Information Disclosure Vulnerability | 5.9 |
Moyen |
||
| Server for NFS Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | 7.5 |
Haute |
||
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. | 9.8 |
Critique |
||
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. | 9.8 |
Critique |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Group Policy Security Feature Bypass Vulnerability | 4.4 |
Moyen |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Clip Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network File System Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Netlogon RPC Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Network Load Balancing Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| DHCP Server Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Spoofing Vulnerability | 5.5 |
Moyen |
||
| Windows Bluetooth Driver Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
Haute |
||
| Windows Domain Name Service Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows Kernel Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 4.4 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 4.3 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Secure Channel Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Cryptographic Services Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Accounts Picture Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | 7.1 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. | 7.8 |
Haute |
||
| An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | 5.5 |
Moyen |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET Framework Denial of Service Vulnerability | 5 |
Moyen |
||
| Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows iSCSI Discovery Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | 6.2 |
Moyen |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 5.7 |
Moyen |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| NT OS Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 7.4 |
Haute |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Active Directory Domain Services API Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 9.8 |
Critique |
||
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 9.8 |
Critique |
||
| A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 7.8 |
Haute |
||
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 7.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Denial of Service Vulnerability | 5.3 |
Moyen |
||
| Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows GDI Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Task Scheduler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows SMB Witness Service Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 9.1 |
Critique |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 6.6 |
Moyen |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | 5.3 |
Moyen |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Credential Manager User Interface Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Netlogon Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Overlay Filter Information Disclosure Vulnerability | 4.7 |
Moyen |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| PowerShell Remote Code Execution Vulnerability | 8.5 |
Haute |
||
| Windows Fax Compose Form Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Contacts Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Media Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Bluetooth Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.8 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows SmartScreen Security Feature Bypass Vulnerability | 5.4 |
Moyen |
||
| Windows Kernel Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Scripting Languages Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.2 |
Haute |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Netlogon RPC Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kerberos Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| .NET Framework Information Disclosure Vulnerability | 5.8 |
Moyen |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 6.4 |
Moyen |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
Moyen |
||
| Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 |
Moyen |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Scripting Languages Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows CryptoAPI Spoofing Vulnerability | 7.5 |
Haute |
||
| Windows NTLM Spoofing Vulnerability | 6.5 |
Moyen |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 5.9 |
Moyen |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Active Directory Certificate Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Active Directory Certificate Services Security Feature Bypass | 7.5 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Logging Service Denial of Service Vulnerability | 4.3 |
Moyen |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows WLAN Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Preference Client Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Resilient File System Elevation of Privilege | 7.8 |
Haute |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 3.3 |
Bas |
||
| Windows DHCP Client Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Storage Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 |
Moyen |
||
| Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Workstation Service Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Security Support Provider Interface Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows CD-ROM File System Driver Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Server Service Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Enterprise App Management Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Event Tracing Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows DNS Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Distributed File System (DFS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.1 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Credential Roaming Service Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| .NET Framework Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Photo Import API Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
Moyen |
||
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
Moyen |
||
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 6.7 |
Moyen |
||
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | 7.1 |
Haute |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
Haute |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft ATA Port Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Defender Credential Guard Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Defender Credential Guard Security Feature Bypass Vulnerability | 6 |
Moyen |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Fax Service Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows WebBrowser Control Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Defender Credential Guard Information Disclosure Vulnerability | 4.7 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Hyper-V Information Disclosure Vulnerability | 5.7 |
Moyen |
||
| Windows Shell Remote Code Execution Vulnerability | 8.4 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Active Directory Federation Services Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows IIS Server Elevation of Privilege Vulnerability | 7.4 |
Haute |
||
| Windows Security Account Manager (SAM) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Group Policy Elevation of Privilege Vulnerability | 6.6 |
Moyen |
||
| Windows Boot Manager Security Feature Bypass Vulnerability | 7.4 |
Haute |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows BitLocker Information Disclosure Vulnerability | 5.7 |
Moyen |
||
| Windows Fax Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 6.1 |
Moyen |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 6.8 |
Moyen |
||
| Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | 7.3 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Performance Counters for Windows Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Network File System Information Disclosure Vulnerability | 5.9 |
Moyen |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 4.7 |
Moyen |
||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Kerberos AppContainer Security Feature Bypass Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 8.5 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | 5.3 |
Moyen |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows File History Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows iSCSI Discovery Service Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability. | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows LSA Spoofing Vulnerability | 8.1 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| .NET Framework Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Print Spooler Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Clustered Shared Volume Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 4.2 |
Moyen |
||
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Push Notifications Apps Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows WLAN AutoConfig Service Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Clustered Shared Volume Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Failover Cluster Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Server Service Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows WLAN AutoConfig Service Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows NTFS Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Storage Spaces Direct Elevation of Privilege Vulnerability | 8.2 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 4.1 |
Moyen |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows PlayToManager Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Secure Channel Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows File Explorer Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Work Folder Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| PowerShell Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Telephony Server Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows AppX Package Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kerberos Remote Code Execution Vulnerability | 8.1 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Server Service Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 8.1 |
Haute |
||
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Win32 Stream Enumeration Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Remote Desktop Protocol Remote Code Execution Vulnerability | 8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows SMB Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows iSCSI Target Service Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Direct Show Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | 8.1 |
Haute |
||
| Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32 File Enumeration Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Win32 Stream Enumeration Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.4 |
Moyen |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Tablet Windows User Interface Application Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Fax and Scan Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CD-ROM Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Security Support Provider Interface Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows PDEV Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows NT OS Kernel Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Inking COM Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.2 |
Haute |
||
| Windows ALPC Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Defender for Endpoint Spoofing Vulnerability | 5.9 |
Moyen |
||
| Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Media Foundation Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Media Foundation Information Disclosure Vulnerability | 3.3 |
Bas |
||
| Windows Hyper-V Denial of Service Vulnerability | 4.7 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Common Log File System Driver Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows User Account Profile Picture Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 7.9 |
Haute |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Mobile Device Management Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Roaming Security Rights Management Services Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.4 |
Moyen |
||
| Workstation Service Remote Protocol Security Feature Bypass Vulnerability | 5.3 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Kerberos Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | 7.5 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
Haute |
||
| Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 8 |
Haute |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 9 |
Critique |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 4.6 |
Moyen |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Secure Boot Security Feature Bypass Vulnerability | 4.4 |
Moyen |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Desktop Protocol Remote Code Execution Vulnerability | 8 |
Haute |
||
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 |
Moyen |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Geolocation Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Storage Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Tile Data Repository Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Security Center API Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Devices Human Interface Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Push Notifications Apps Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows System Launcher Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Connected Devices Platform Service Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows StateRepository API Server file Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows UI Immersive Server API Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Application Model Core API Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows AppContracts API Server Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Windows Accounts Control Elevation of Privilege Vulnerability | 7 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Cleanup Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Certificate Spoofing Vulnerability | 7.8 |
Haute |
||
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Virtual Machine IDE Drive Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Message Queuing Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | 9.8 |
Critique |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | 6.5 |
Moyen |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 7.5 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.5 |
Haute |
||
| NTFS Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Feedback Hub Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
Haute |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft COM for Windows Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | 6.8 |
Moyen |
||
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 4.4 |
Moyen |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Denial of Service Vulnerability | 7.5 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 7.4 |
Haute |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 4.4 |
Moyen |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Active Directory Federation Server Spoofing Vulnerability | 5.4 |
Moyen |
||
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | 5.5 |
Moyen |
||
| Active Directory Security Feature Bypass Vulnerability | 4.9 |
Moyen |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Media Audio Decoder Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
Haute |
||
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 7.2 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Text Shaping Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.7 |
Haute |
||
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Installer Spoofing Vulnerability | 5.5 |
Moyen |
||
| Rich Text Edit Control Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows exFAT File System Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Print Spooler Spoofing Vulnerability | 8.8 |
Haute |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows HTTP.sys Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system. |
8.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Windows Update Client Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| BitLocker Security Feature Bypass Vulnerability | 5.7 |
Moyen |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows SMB Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows SMB Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Installer Denial of Service Vulnerability | 6.1 |
Moyen |
||
| Windows SMB Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Authenticode Spoofing Vulnerability | 5.5 |
Moyen |
||
| Windows Scripting Engine Memory Corruption Vulnerability | 8.1 |
Haute |
||
| Windows LSA Spoofing Vulnerability | 7.5 |
Haute |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | 8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Desktop Client Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 7.5 |
Haute |
||
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Scripting Engine Memory Corruption Vulnerability | 8.8 |
Haute |
||
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.9 |
Critique |
||
| Scripting Engine Memory Corruption Vulnerability | 8.8 |
Haute |
||
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652. |
9.8 |
Critique |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows AppContainer Elevation Of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Remote Code Execution Vulnerability | 9.9 |
Critique |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows File History Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows DNS Server Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| GDI+ Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Storage Spaces Controller Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Assistance Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Memory Information Disclosure Vulnerability | 7.7 |
Haute |
||
| Windows DNS Server Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows GDI Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows GDI Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Partition Management Driver Elevation of Privilege Vulnerability | 6.7 |
Moyen |
||
| Windows Certificate Spoofing Vulnerability | 8.1 |
Haute |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Bowser.sys Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows LSA Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows LSA Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows SMB Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Authenticode Spoofing Vulnerability | 5.5 |
Moyen |
||
| Azure AD Security Feature Bypass Vulnerability | 8.1 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows AD FS Security Feature Bypass Vulnerability | 8.1 |
Haute |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Spoofing Vulnerability | 6.2 |
Moyen |
||
| Windows Key Distribution Center Information Disclosure Vulnerability | 5.9 |
Moyen |
||
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Desktop Bridge Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.7 |
Haute |
||
| Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | 9.8 |
Critique |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8 |
Haute |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DNS Snap-in Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DNS Server Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
Haute |
||
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):
Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527. |
8.8 |
Haute |
||
| Windows MSHTML Platform Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Server for NFS Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 8.6 |
Haute |
||
| Server for NFS Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Windows GPSVC Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Server for NFS Denial of Service Vulnerability | 7.5 |
Haute |
||
| Event Tracing for Windows Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows HTML Platforms Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Desktop Services Denial of Service Vulnerability | 7.5 |
Haute |
||
| Kerberos AppContainer Security Feature Bypass Vulnerability | 9.8 |
Critique |
||
| Windows NTLM Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Scripting Engine Memory Corruption Vulnerability | 7.8 |
Haute |
||
| Windows NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Filter Manager Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows DCOM Server Security Feature Bypass | 6.5 |
Moyen |
||
| OLE Automation Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows SSDP Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 7.4 |
Haute |
||
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Bluetooth Driver Spoofing Vulnerability | 7.1 |
Haute |
||
| Windows CSC Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 9.9 |
Critique |
||
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Scripting Engine Memory Corruption Vulnerability | 7.5 |
Haute |
||
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | 3.5 |
Bas |
||
| Windows Portmapping Information Disclosure Vulnerability | 7.1 |
Haute |
||
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 |
Moyen |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Console Driver Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Driver Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Installer Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Event Tracing Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Speech Runtime Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows DNS Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows AppX Deployment Server Denial of Service Vulnerability | 6.1 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows SMB Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows DNS Information Disclosure Vulnerability | 6.5 |
Moyen |
||
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Media Video Decoder Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | 4.6 |
Moyen |
||
| Windows Application Compatibility Cache Denial of Service Vulnerability | 6.5 |
Moyen |
||
| NTFS Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Media Video Decoder Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 |
Moyen |
||
| Windows Kernel Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Microsoft Internet Messaging API Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Media Photo Codec Information Disclosure Vulnerability | 5.7 |
Moyen |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.7 |
Haute |
||
| Windows Installer Spoofing Vulnerability | 6.2 |
Moyen |
||
| Internet Explorer Memory Corruption Vulnerability | 8.8 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows UPnP Device Host Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows DNS Server Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | 6.2 |
Moyen |
||
| Windows Container Execution Agent Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder. To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data. This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the FAQ section of this CVE for configuration guidance. |
7.8 |
Haute |
||
| User Profile Service Denial of Service Vulnerability | 6.1 |
Moyen |
||
| Windows Media Photo Codec Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Remote Access API Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows User Profile Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows ActiveX Installer Service Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Update Service Elevation of Privilege Vulnerability | 7.1 |
Haute |
||
| Windows Container Execution Agent Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Windows Virtual Registry Provider Elevation of Privilege Vulnerability | 8.4 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Update Stack Setup Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows PKU2U Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| .NET Framework Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Microsoft Defender Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Local Spooler Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Camera Codec Pack Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows TCP/IP Denial of Service Vulnerability | 7.5 |
Haute |
||
| Windows Address Book Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Trust Verification API Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Microsoft Windows Codecs Library Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Fax Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows DNS Server Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Windows VMSwitch Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows TCP/IP Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Windows Remote Procedure Call Information Disclosure Vulnerability | 7.5 |
Haute |
||
| Microsoft SharePoint Server Spoofing Vulnerability | 8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Fax Service Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Microsoft Windows Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Microsoft Defender Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.7 |
Moyen |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows LUAFV Elevation of Privilege Vulnerability | 8.8 |
Haute |
||
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | 7.5 |
Haute |
||
| Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows (modem.sys) Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows InstallService Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Update Stack Elevation of Privilege Vulnerability | 9.8 |
Critique |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Denial of Service Vulnerability | 7.7 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Multipoint Management Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key | 5.5 |
Moyen |
||
| Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X coordinate as the locally exchanged public key | 5.5 |
Moyen |
||
| Windows CryptoAPI Denial of Service Vulnerability | 6.5 |
Moyen |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Print Spooler Spoofing Vulnerability | 8.8 |
Haute |
||
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Remote Desktop Security Feature Bypass Vulnerability | 8.8 |
Haute |
||
| Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Installer Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Fax Compose Form Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| TPM Device Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows CSC Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Active Template Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft splwow64 Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Docker Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows DNS Query Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows SMB Information Disclosure Vulnerability | 8.1 |
Haute |
||
| Windows Error Reporting Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Lock Screen Security Feature Bypass Vulnerability | 6.8 |
Moyen |
||
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows NTFS Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows GDI+ Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Error Reporting Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Hyper-V Remote Code Execution Vulnerability | 9.9 |
Critique |
||
| Windows Network Connections Service Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Kerberos Security Feature Bypass Vulnerability | 6.5 |
Moyen |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Spoofing Vulnerability | 5.5 |
Moyen |
||
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows USO Core Worker Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows NDIS Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
Haute |
||
| Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Microsoft Browser Memory Corruption Vulnerability | 7.5 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Network File System Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 7.5 |
Haute |
||
| Windows Network File System Remote Code Execution Vulnerability | 9.8 |
Critique |
||
| Scripting Engine Memory Corruption Vulnerability | 8.1 |
Haute |
||
| Windows Network File System Denial of Service Vulnerability | 7.5 |
Haute |
||
| Chakra Scripting Engine Memory Corruption Vulnerability | 8.1 |
Haute |
||
| Windows KernelStream Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Error Reporting Denial of Service Vulnerability | 5.5 |
Moyen |
||
| Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Hyper-V Security Feature Bypass Vulnerability | 9.8 |
Critique |
||
| Windows Print Configuration Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Canonical Display Driver Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Win32k Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Port Class Library Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Error Reporting Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
Moyen |
||
| DirectX Elevation of Privilege Vulnerability | 7.8 |
Haute |
||
| Remote Desktop Protocol Server Information Disclosure Vulnerability | 7.7 |
Haute |
||
| A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | 7.2 |
Haute |
||
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. |
7.8 |
Haute |
||
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows iSCSI Target Service properly handles file operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how Group Policy checks access. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles junction points. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application. The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory. |
5.5 |
Moyen |
||
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles these files. |
8.8 |
Haute |
||
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
7.8 |
Haute |
||
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. |
7.5 |
Haute |
||
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. |
5.5 |
Moyen |
||
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Windows Enterprise App Management Service properly handles file operations. |
5.5 |
Moyen |
||
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows COM Server creates COM objects. |
7.8 |
Haute |
||
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses. |
5.5 |
Moyen |
||
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. |
7.8 |
Haute |
||
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows. The security update addresses the vulnerability by correcting security feature behavior to enforce permissions. |
6.2 |
Moyen |
||
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Event System handles objects in memory. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how a NetBT handles objects in memory. |
5.5 |
Moyen |
||
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory. |
7.8 |
Haute |
||
A denial of service vulnerability exists when Windows Network Address Translation (NAT) on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how Windows NAT accesses the host. |
7.7 |
Haute |
||
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows KernelStream handles objects in memory. |
5.5 |
Moyen |
||
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage VSP Driver properly handles file operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. |
7.8 |
Haute |
||
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows UPnP service handles objects in memory. |
7.8 |
Haute |
||
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcting how TLS components use hash algorithms. |
5.4 |
Moyen |
||
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. |
8.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
5.5 |
Moyen |
||
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. |
7.8 |
Haute |
||
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Function Discovery Service properly handles objects in memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The security update addresses the vulnerability by checking COM objects. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. |
7.8 |
Haute |
||
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. |
7.8 |
Haute |
||
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. |
7.8 |
Haute |
||
A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The updates address the vulnerability by correcting how Windows handles objects in memory. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. |
6.5 |
Moyen |
||
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. |
5.5 |
Moyen |
||
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. |
7.8 |
Haute |
||
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. |
7.5 |
Haute |
||
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how Windows handles calls to Win32k. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations. |
7.8 |
Haute |
||
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. |
6.5 |
Moyen |
||
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. |
5.5 |
Moyen |
||
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. |
6.5 |
Moyen |
||
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. |
8.1 |
Haute |
||
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. |
7.8 |
Haute |
||
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory. |
7.8 |
Haute |
||
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory. |
5.5 |
Moyen |
||
An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how DHCP servers initializes memory. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user. The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP. |
8.1 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory. |
8.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. |
5.5 |
Moyen |
||
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode. |
7.8 |
Haute |
||
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code. The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled. |
6.7 |
Moyen |
||
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory. |
5.5 |
Moyen |
||
| Microsoft Graphics Component Denial of Service Vulnerability | 5.5 |
Moyen |
||
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript. The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory. |
8.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory. |
7.8 |
Haute |
||
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. |
5.5 |
Moyen |
||
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (Chromium-based), and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The security update addresses the vulnerability by correcting how the Windows Text Service Module handles memory. |
7.5 |
Haute |
||
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Modules Installer handles objects in memory. |
7.8 |
Haute |
||
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests. |
6.5 |
Moyen |
||
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations. |
7.8 |
Haute |
||
An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity). This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls. |
5.5 |
Moyen |
||
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
6.5 |
Moyen |
||
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors. To exploit this vulnerability, an attacker could send a specially crafted authentication request. This security update corrects how ADFS handles multi-factor authentication requests. |
5.3 |
Moyen |
||
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how NTFS checks access. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. |
7.8 |
Haute |
||
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries. |
7.5 |
Haute |
||
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory. |
7.8 |
Haute |
||
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory. |
7.8 |
Haute |
||
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
8.8 |
Haute |
||
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
8.8 |
Haute |
||
An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory. |
6.5 |
Moyen |
||
An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory. |
7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. | 10 |
Critique |
||
| A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows handles junctions. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations. | 8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows Remote Access handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. | 8.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Services handles file operations. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the srmsvc.dll properly handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows handles hard links. | 10 |
Critique |
||
| An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory. | 7.8 |
Haute |
||
| A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerability by correcting how RD Gateway handles connection requests. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests. | 5.5 |
Moyen |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. | 7.8 |
Haute |
||
| Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. | 6.4 |
Moyen |
||
| GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. | 6.4 |
Moyen |
||
| GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. | 6.4 |
Moyen |
||
| A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10 |
Critique |
||
| A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | 9 |
Critique |
||
| An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | 7.1 |
Haute |
||
| An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. | 4.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. | 4.3 |
Moyen |
||
| An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1336. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly., aka 'Windows Lockscreen Elevation of Privilege Vulnerability'. | 6.8 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1392, CVE-2020-1394. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1392, CVE-2020-1394, CVE-2020-1395. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1365. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1362. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'. | 7.1 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1371. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1384. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1430. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1362, CVE-2020-1369. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'. | 6.7 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | 7.8 |
Haute |
||
| This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | 4.9 |
Moyen |
||
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043. | 9 |
Critique |
||
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042. | 9 |
Critique |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043. | 9 |
Critique |
||
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | 9 |
Critique |
||
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | 9 |
Critique |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1222. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253. | 6.7 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1306, CVE-2020-1334. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1312. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.The update addresses the vulnerability by correcting how Windows handles cabinet files., aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310. | 6.7 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310. | 6.7 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238. | 8.8 |
Haute |
||
| A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | 6.1 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 8.1 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1054. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 9.9 |
Critique |
||
| A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082. | 7.8 |
Haute |
||
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1068. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerability'. | 6.8 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1079. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script Runtime Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 8.1 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1006. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1011. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1011, CVE-2020-1015. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1015. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-0987. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1017. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1027. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | 7.1 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-1008. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0996. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-1005. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0987, CVE-2020-1005. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0966. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0967. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0699. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0957. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0957, CVE-2020-0958. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0949. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0949, CVE-2020-0950. | 8.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0950. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0946, CVE-2020-0947. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0947. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1001, CVE-2020-1006, CVE-2020-1017. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944, CVE-2020-1029. | 7.1 |
Haute |
||
| An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'. | 7.1 |
Haute |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0939, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0888. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0791. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. | 4.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. | 5.5 |
Moyen |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0776. | 7.8 |
Haute |
||
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
Haute |
||
| A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'. | 7.1 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0858. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0806. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0769. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 9.8 |
Critique |
||
| A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0754. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0753. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0756. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0735. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0659. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0755, CVE-2020-0756. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0792. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0737. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0739. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0667, CVE-2020-0752. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0709. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726. | 7.8 |
Haute |
||
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0691, CVE-2020-0719, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0717. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0745, CVE-2020-0792. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0732. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows IME improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows IME Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. | 4.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Wireless Network Manager improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Wireless Network Manager Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'. | 6.7 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0683. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0680. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0679, CVE-2020-0682. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0680, CVE-2020-0682. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0668, CVE-2020-0669, CVE-2020-0671, CVE-2020-0672. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0667, CVE-2020-0735, CVE-2020-0752. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0666, CVE-2020-0735, CVE-2020-0752. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | 8.1 |
Haute |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751. | 6.8 |
Moyen |
||
| A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0747. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. | 5.9 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | 9.8 |
Critique |
||
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 8.1 |
Haute |
||
| An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'. | 6 |
Moyen |
||
| An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610. | 9.8 |
Critique |
||
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609. | 9.8 |
Critique |
||
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | 3.3 |
Bas |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. | 6.5 |
Moyen |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | 10 |
Critique |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429. | 7.5 |
Haute |
||
| A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. | 8.1 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383. | 7.8 |
Haute |
||
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | 3.3 |
Bas |
||
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 4.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310. | 6.2 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398. | 8.4 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398. | 8.4 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 9.9 |
Critique |
||
| An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. | 9.1 |
Critique |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399. | 6.8 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334. | 5.5 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347. | 6.5 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'. | 9.9 |
Critique |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'. | 5.9 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | 5.9 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. | 6.4 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | 7.3 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. | 8.8 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 4.9 |
Moyen |
||
| An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. | 7.5 |
Haute |
||
| An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1272. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1269. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1286. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. | 6.5 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.2 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM. | 5.6 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
Moyen |
||
| An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the SyncController.dll handles processes these requests. | 6.5 |
Moyen |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. | 7.5 |
Haute |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. | 9.8 |
Critique |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory. | 7 |
Haute |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | 9.8 |
Critique |
||
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | 9.8 |
Critique |
||
| This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory. | 7 |
Haute |
||
| A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft browsers handle different-origin requests. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. | 6.4 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion. | 7.1 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC. | 7.8 |
Haute |
||
| A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | 7.8 |
Haute |
||
| An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the p2pimsvc service handles processes these requests. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing the attacker to steal the user's token. The security update addresses the vulnerability by correcting how MSA handles cookies. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic. | 8 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
Moyen |
||
| A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses. | 9.8 |
Critique |
||
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The update addresses the vulnerability by modifying how Microsoft Edge based on Edge HTML handles objects in memory. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory. | 5.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch. | 5.8 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088. | 7.8 |
Haute |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088. | 7.8 |
Haute |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests., aka 'Windows RPCSS Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059. | 7.5 |
Haute |
||
| An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1074. | 7.8 |
Haute |
||
| A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | 8 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | 6.8 |
Moyen |
||
| A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126. | 6.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 9.8 |
Critique |
||
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1052. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'. | 8.8 |
Haute |
||
| A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | 5 |
Moyen |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0990. | 6.5 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | 5.9 |
Moyen |
||
| A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'. | 6.8 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1023. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1055, CVE-2019-1080. | 7.5 |
Haute |
||
| An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1017. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1014. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 8.5 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0711, CVE-2019-0713. | 6.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0713. | 6.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0711. | 6.8 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0709. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0909, CVE-2019-0974. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0974. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0988, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. | 7.5 |
Haute |
||
| A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0998. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0959. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0709, CVE-2019-0722. | 8.4 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0722. | 8.4 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0882. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0937. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0734. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 9 |
Critique |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry, aka 'Unified Write Filter Elevation of Privilege Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0911. | 7.5 |
Haute |
||
| An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0933, CVE-2019-0937. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0758, CVE-2019-0961. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0911, CVE-2019-0918. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6.8 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0901, CVE-2019-0902. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0902. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'. | 7 |
Haute |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 9.8 |
Critique |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0936. | 8.1 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961. | 6.5 |
Moyen |
||
| A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | 7.2 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838. | 4.4 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0802. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0849. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862. | 7.5 |
Haute |
||
| A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0704. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0782. | 4.7 |
Moyen |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0703, CVE-2019-0821. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | 6.8 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701. | 6.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701. | 6.8 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0774. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0599, CVE-2019-0625. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0625. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601. | 4.7 |
Moyen |
||
| An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600. | 4.7 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0660, CVE-2019-0664. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599. | 7.8 |
Haute |
||
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | 9.8 |
Critique |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633. | 8.8 |
Haute |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6.2 |
Moyen |
||
| An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0650. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0652, CVE-2019-0655. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0655. | 7.5 |
Haute |
||
| A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing Vulnerability'. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7 |
Haute |
||
| A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. | 5.9 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. | 7 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0664. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0661. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550. | 8.4 |
Haute |
||
| An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0583, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0584. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. | 9.8 |
Critique |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8596. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8624, CVE-2018-8629. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. | 9.8 |
Critique |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft Text-To-Speech Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | 9.8 |
Critique |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 5.4 |
Moyen |
||
| A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | 4.3 |
Moyen |
||
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 4.6 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. | 7.5 |
Haute |
||
| Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 4.3 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482. | 3.1 |
Bas |
||
| An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481. | 3.1 |
Bas |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490. | 8.4 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2018-8489. | 8.4 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460. | 7.5 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 5.3 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | 7.5 |
Haute |
||
| Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | 8.6 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439. | 8.4 |
Haute |
||
| An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 4.2 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467. | 7.5 |
Haute |
||
| A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393. | 7.8 |
Haute |
||
| A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. | 9.8 |
Critique |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422. | 6.5 |
Moyen |
||
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | 4.3 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 4.7 |
Moyen |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.4 |
Moyen |
||
| A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 4.2 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. | 6.8 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965. | 8.4 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461. | 7.5 |
Haute |
||
| A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 3.3 |
Bas |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | 4.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 4.7 |
Moyen |
||
| An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463. | 7.4 |
Haute |
||
| A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405. | 7.8 |
Haute |
||
| An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204. | 5.3 |
Moyen |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10. | 4.6 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348. | 4.7 |
Moyen |
||
| An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. | 4.7 |
Moyen |
||
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | 8.3 |
Haute |
||
| An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | 7.5 |
Haute |
||
| A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | 3.1 |
Bas |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398. | 6.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396. | 6.5 |
Moyen |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399. | 7 |
Haute |
||
| A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 7.8 |
Haute |
||
| A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | 7.5 |
Haute |
||
| A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 8.1 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298. | 7.5 |
Haute |
||
| A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.9 |
Moyen |
||
| A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 6.6 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 4.5 |
Moyen |
||
| A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121. | 4.7 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214. | 7 |
Haute |
||
| An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 8 |
Haute |
||
| A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213. | 7.8 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8210. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208. | 7 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 5.3 |
Moyen |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221. | 5.3 |
Moyen |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.1 |
Haute |
||
| A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 8.1 |
Haute |
||
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871. | 4.3 |
Moyen |
||
| A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243. | 7.5 |
Haute |
||
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
Moyen |
||
| A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
Haute |
||
| A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132. | 5.3 |
Moyen |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.6 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.6 |
Haute |
||
| A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166. | 7 |
Haute |
||
| A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | 8.8 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132. | 5.3 |
Moyen |
||
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129. | 5.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177. | 7.5 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 5.3 |
Moyen |
||
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998. | 4.3 |
Moyen |
||
| A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964. | 5.3 |
Moyen |
||
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 3.3 |
Bas |
||
| A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.3 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975. | 5.5 |
Moyen |
||
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974. | 5.5 |
Moyen |
||
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000. | 5.3 |
Moyen |
||
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-1019. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-1001. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018, CVE-2018-1020. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. | 4.3 |
Moyen |
||
| An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989. | 5.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996. | 7.5 |
Haute |
||
| A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | 8.8 |
Haute |
||
| An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7 |
Haute |
||
| An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. | 7.5 |
Haute |
||
| A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection. | 8.8 |
Haute |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 5.5 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. | 5.5 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. | 5.5 |
Moyen |
||
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817. | 7 |
Haute |
||
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816. | 7 |
Haute |
||
| Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | 7.5 |
Haute |
||
| The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". | 3.1 |
Bas |
||
| The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882. | 7 |
Haute |
||
| The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880. | 7 |
Haute |
||
| Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability". | 7.5 |
Haute |
||
| Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902. | 7.8 |
Haute |
||
| The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability". | 5.8 |
Moyen |
||
| The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". | 7 |
Haute |
||
| The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability". | 5.6 |
Moyen |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | 7.5 |
Haute |
||
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939. | 4.3 |
Moyen |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935. | 7.5 |
Haute |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926. | 4.7 |
Moyen |
||
| The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884. | 7.8 |
Haute |
||
| The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901. | 5.5 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability". | 2.6 |
Bas |
||
| The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0756. CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843. | 7.8 |
Haute |
||
| The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843. | 7.8 |
Haute |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810. | 4.7 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass". | 4.3 |
Moyen |
||
| AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability". | 7 |
Haute |
||
| NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability". | 7.5 |
Haute |
||
| Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0830 and CVE-2018-0832. | 4.7 |
Moyen |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0832. | 4.7 |
Moyen |
||
| The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830. | 4.7 |
Moyen |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0846. | 7.8 |
Haute |
||
| The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0844. | 7.8 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861. | 7.5 |
Haute |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843. | 7.8 |
Haute |
||
| Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | 7.5 |
Haute |
||
| Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | 7.5 |
Haute |
||
| The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747. | 4.7 |
Moyen |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746. | 4.7 |
Moyen |
||
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752. | 7.1 |
Haute |
||
| The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751. | 7.8 |
Haute |
||
| Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability". | 5.9 |
Moyen |
||
| The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. | 5.3 |
Moyen |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. | 5.3 |
Moyen |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability". | 4.2 |
Moyen |
||
| Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability". | 6.6 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919. | 5.3 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". | 9.8 |
Critique |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919. | 5.3 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930. | 7.5 |
Haute |
||
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906. | 5.3 |
Moyen |
||
| Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability". | 6.5 |
Moyen |
||
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916. | 7.5 |
Haute |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. | 7.8 |
Haute |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." | 2.5 |
Bas |
||
| Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability". | 7.5 |
Haute |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. | 3.1 |
Bas |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | 7.5 |
Haute |
||
| Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | 5.3 |
Moyen |
||
| Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880. | 4.7 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | 3.1 |
Bas |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791. | 5.3 |
Moyen |
||
| ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11849, CVE-2017-11851, and CVE-2017-11853. | 4.7 |
Moyen |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. | 4.7 |
Moyen |
||
| Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". | 2.5 |
Bas |
||
| The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. | 4.7 |
Moyen |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | 5.5 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855. | 7.5 |
Haute |
||
| ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | 6.1 |
Moyen |
||
| ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. | 6.5 |
Moyen |
||
| ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871. | 7.5 |
Haute |
||
| Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. | 4.7 |
Moyen |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | 7.5 |
Haute |
||
| The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763. | 8.8 |
Haute |
||
| The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763. | 8.8 |
Haute |
||
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814. | 5.5 |
Moyen |
||
| The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | 9.8 |
Critique |
||
| The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability". | 7.5 |
Haute |
||
| The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | 8.1 |
Haute |
||
| The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability". | 7 |
Haute |
||
| The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". | 7.5 |
Haute |
||
| The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814. | 5.5 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785. | 5.5 |
Moyen |
||
| The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". | 5.3 |
Moyen |
||
| The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability". | 4.7 |
Moyen |
||
| The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | 4.5 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11813. | 7.5 |
Haute |
||
| The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | 6.7 |
Moyen |
||
| The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | 5.5 |
Moyen |
||
| The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694. | 7 |
Haute |
||
| The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689. | 7 |
Haute |
||
| The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". | 5.3 |
Moyen |
||
| The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718. | 7.8 |
Haute |
||
| The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717. | 7.8 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. | 4.3 |
Moyen |
||
| Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability". | 7.5 |
Haute |
||
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | 7.5 |
Haute |
||
| The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". | 8.1 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. | 4.3 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 8.8 |
Haute |
||
| The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".. This CVE ID is unique from CVE-2017-8720. | 7 |
Haute |
||
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." | 3.3 |
Bas |
||
| The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | 5.5 |
Moyen |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | 5.5 |
Moyen |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. | 5.5 |
Moyen |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. | 5.5 |
Moyen |
||
| Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. | 8.8 |
Haute |
||
| Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. | 5.5 |
Moyen |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. | 5.5 |
Moyen |
||
| Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. | 5.5 |
Moyen |
||
| The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability". | 7.5 |
Haute |
||
| Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability." | 5.3 |
Moyen |
||
| Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". | 7 |
Haute |
||
| Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". | 5.3 |
Moyen |
||
| The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | 5.3 |
Moyen |
||
| The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | 5.3 |
Moyen |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. | 4.7 |
Moyen |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. | 4.7 |
Moyen |
||
| The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. | 5.3 |
Moyen |
||
| The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. | 5.3 |
Moyen |
||
| The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. | 5.3 |
Moyen |
||
| The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. | 4.7 |
Moyen |
||
| The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. | 7.8 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754. | 4.3 |
Moyen |
||
| Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". | 4.3 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. | 4.3 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". | 4.3 |
Moyen |
||
| Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability". | 5.3 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723. | 4.2 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability". | 7.5 |
Haute |
||
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | 7.8 |
Haute |
||
| The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability". | 9.8 |
Critique |
||
| Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. | 7.5 |
Haute |
||
| Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
Haute |
||
| Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability". | 6.5 |
Moyen |
||
| Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642. | 8.8 |
Haute |
||
| Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | 8.1 |
Haute |
||
| Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability". | 6.8 |
Moyen |
||
| CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability". | 8.8 |
Haute |
||
| Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662. | 4.3 |
Moyen |
||
| Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662. | 6.5 |
Moyen |
||
| Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8669. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | 7.5 |
Haute |
||
| Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | 8.8 |
Haute |
||
| Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674. | 7.5 |
Haute |
||
| Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". | 6.5 |
Moyen |
||
| Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability". | 4.7 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre. | 7.5 |
Haute |
||
| Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574. | 7 |
Haute |
||
| Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability". | 8.1 |
Haute |
||
| Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability". | 8.1 |
Haute |
||
| Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability". | 7 |
Haute |
||
| Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556. | 7 |
Haute |
||
| Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556. | 7 |
Haute |
||
| Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | 7 |
Haute |
||
| Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | 7.8 |
Haute |
||
| Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. | 7 |
Haute |
||
| Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. | 7 |
Haute |
||
| HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability". | 5.9 |
Moyen |
||
| Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability." | 7.5 |
Haute |
||
| Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability". | 7 |
Haute |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | 9.8 |
Critique |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | 8.8 |
Haute |
||
| Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass". | 6.5 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". | 6.5 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability." | 6.5 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609 | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609 | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609 | 7.5 |
Haute |
||
| Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | 7.5 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. | 7.5 |
Haute |
||
| Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. | 7.5 |
Haute |
||
| The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. | 4.7 |
Moyen |
||
| The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability." | 5.5 |
Moyen |
||
| The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | 7 |
Haute |
||
| The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability." | 7 |
Haute |
||
| Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability." | 8.8 |
Haute |
||
| Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | 9.8 |
Critique |
||
| Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | 5.3 |
Moyen |
||
| Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | 5.3 |
Moyen |
||
| Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. | 5.3 |
Moyen |
||
| Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. | 5.3 |
Moyen |
||
| Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. | 5.3 |
Moyen |
||
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534. | 5 |
Moyen |
||
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528. | 8.8 |
Haute |
||
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534. | 5 |
Moyen |
||
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534. | 5 |
Moyen |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | 5 |
Moyen |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | 5 |
Moyen |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | 5 |
Moyen |
||
| Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292. | 7.8 |
Haute |
||
| Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291. | 7.8 |
Haute |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability". | 7.8 |
Haute |
||
| Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". | 5.5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300. | 5 |
Moyen |
||
| A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability." | 7.3 |
Haute |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability". | 7.3 |
Haute |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468. | 7.8 |
Haute |
||
| Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevation of Privilege Vulnerability". | 7.8 |
Haute |
||
| Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8465. | 7.8 |
Haute |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | 5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | 5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | 5 |
Moyen |
||
| Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". | 5.5 |
Moyen |
||
| Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability". | 7.3 |
Haute |
||
| Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496. | 7.5 |
Haute |
||
| Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504. | 4.3 |
Moyen |
||
| Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498. | 4.3 |
Moyen |
||
| Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". | 5.5 |
Moyen |
||
| Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524. | 7.5 |
Haute |
||
| Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555. | 4.3 |
Moyen |
||
| Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522. | 7.5 |
Haute |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". | 8.8 |
Haute |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | 6.5 |
Moyen |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555. | 5.4 |
Moyen |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533. | 6.5 |
Moyen |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533. | 6.5 |
Moyen |
||
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. | 6.5 |
Moyen |
||
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". | 5.5 |
Moyen |
||
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549. | 7.5 |
Haute |
||
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548. | 7.5 |
Haute |
||
| An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". | 4.7 |
Moyen |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. | 7.8 |
Haute |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | 5.5 |
Moyen |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | 5.5 |
Moyen |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. | 5.5 |
Moyen |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. | 7.8 |
Haute |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | 5.5 |
Moyen |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540. | 7.8 |
Haute |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | 5.5 |
Moyen |
||
| Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. | 7.3 |
Haute |
||
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226. | 8.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability." | 7.8 |
Haute |
||
| Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | 5.9 |
Moyen |
||
| The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | 4.4 |
Moyen |
||
| Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability". | 7.6 |
Haute |
||
| Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213. | 7 |
Haute |
||
| The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability." | 7 |
Haute |
||
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | 4.7 |
Moyen |
||
| The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258. | 4.7 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 5.9 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 5.9 |
Moyen |
||
| The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280. | 5.9 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 5.9 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 5.9 |
Moyen |
||
| The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279. | 8.1 |
Haute |
||
| The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280. | 5.9 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276. | 5.9 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276. | 5.9 |
Moyen |
||
| Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275. | 5.9 |
Moyen |
||
| The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279. | 7 |
Haute |
||
| The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279. | 7 |
Haute |
||
| The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278. | 7 |
Haute |
||
| The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273. | 5.9 |
Moyen |
||
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." | 7.8 |
Haute |
||
| An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability." | 8.8 |
Haute |
||
| A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." | 4.7 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability." | 7 |
Haute |
||
| An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." | 7.5 |
Haute |
||
| A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability." | 3.7 |
Bas |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181. | 7.6 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181. | 7.6 |
Haute |
||
| A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability." | 4.4 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." | 8.1 |
Haute |
||
| An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability." | 5.5 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.4 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.8 |
Moyen |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181. | 7.6 |
Haute |
||
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180. | 7.6 |
Haute |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | 5.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186. | 5.4 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186. | 5.8 |
Moyen |
||
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185. | 5.8 |
Moyen |
||
| A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189. | 3.3 |
Bas |
||
| An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188. | 7.8 |
Haute |
||
| A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability." | 5.8 |
Moyen |
||
| The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability." | 4.3 |
Moyen |
||
| An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability." | 5.5 |
Moyen |
||
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047. | 7.8 |
Haute |
||
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047. | 7.8 |
Haute |
||
| Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability." | 6.5 |
Moyen |
||
| Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009. | 4.3 |
Moyen |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
Haute |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
Haute |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
Haute |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. | 8.8 |
Haute |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability." | 7.5 |
Haute |
||
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | 8.1 |
Haute |
||
| Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. | 8.8 |
Haute |
||
| Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | 5.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. | 7.5 |
Haute |
||
| Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability." | 5.9 |
Moyen |
||
| Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095. | 9 |
Critique |
||
| The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047. | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | 7.8 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability." | 3.1 |
Bas |
||
| Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability." | 5.3 |
Moyen |
||
| The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099. | 5.4 |
Moyen |
||
| Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability." | 6.1 |
Moyen |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. | 7.8 |
Haute |
||
| DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to visit an untrusted webpage or (2) tricking a server into sending a DNS query to a malicious DNS server, aka "Windows DNS Query Information Disclosure Vulnerability." | 4.3 |
Moyen |
||
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. | 5.5 |
Moyen |
||
| The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061. | 6.5 |
Moyen |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. | 4.3 |
Moyen |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. | 5.4 |
Moyen |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109. | 7.6 |
Haute |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099. | 5.4 |
Moyen |
||
| The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082. | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082. | 7.8 |
Haute |
||
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | 8.8 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021. | 7.6 |
Haute |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | 2.6 |
Bas |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099. | 5.4 |
Moyen |
||
| Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. | 5.4 |
Moyen |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097. | 5.4 |
Moyen |
||
| A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka "Windows Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability." | 8.1 |
Haute |
||
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075. | 7.6 |
Haute |
||
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | 4.3 |
Moyen |
||
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | 4.3 |
Moyen |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151. | 7.5 |
Haute |
||
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0150. | 7.5 |
Haute |
||
| Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability." | 4.4 |
Moyen |
||
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | 8.1 |
Haute |
||
| gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. | 5.5 |
Moyen |
||
| The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability." | 5.5 |
Moyen |
||
| The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability." | 5.5 |
Moyen |
||
| The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability." | 8.8 |
Haute |
||
| The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability." | 8.8 |
Haute |
||
| Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." | 8.8 |
Haute |
||
| The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability." | 5.5 |
Moyen |
||
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | 8.8 |
Haute |
||
| The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | 8.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability." | 8.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184. | 7.8 |
Haute |
||
| The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343. | 7.8 |
Haute |
||
| Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability." | 8.8 |
Haute |
||
| atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability." | 6.5 |
Moyen |
||
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability." | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability." | 3.3 |
Bas |
||
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability." | 8.8 |
Haute |
||
| Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability." | 4.7 |
Moyen |
||
| Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | 6.1 |
Moyen |
||
| Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | 6.1 |
Moyen |
||
| Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | 6.1 |
Moyen |
||
| Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | 6.1 |
Moyen |
||
| Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | 6.5 |
Moyen |
||
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 7.8 |
Haute |
||
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability." | 7.5 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 |
Haute |
||
| Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013, Microsoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software. Vulnerability Description A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 | 8.8 |
Haute |
2025©
tesweb SA
