Windows
by Microsoft
CVEs (2,396)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1317 | 0.00 | — | 0.01 | Oct 10, 2019 | A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | |||
| CVE-2019-1287 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1292 | 0.00 | — | 0.05 | Sep 11, 2019 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | |||
| CVE-2019-1294 | 0.00 | — | 0.01 | Sep 11, 2019 | A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | |||
| CVE-2019-1293 | 0.00 | — | 0.02 | Sep 11, 2019 | An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. | |||
| CVE-2019-1303 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID… | |||
| CVE-2019-1289 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1274 | 0.00 | — | 0.01 | Sep 11, 2019 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | |||
| CVE-2019-1272 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC… | |||
| CVE-2019-1284 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1270 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1285 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. | |||
| CVE-2019-1268 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1278 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. | |||
| CVE-2019-1269 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC… | |||
| CVE-2019-1282 | 0.00 | — | 0.01 | Sep 11, 2019 | An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. | |||
| CVE-2019-1271 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1283 | 0.00 | — | 0.02 | Sep 11, 2019 | An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | |||
| CVE-2019-1273 | 0.00 | — | 0.01 | Sep 11, 2019 | A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | |||
| CVE-2019-1277 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. |
- CVE-2019-1317Oct 10, 2019risk 0.00cvss —epss 0.01
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
- CVE-2019-1287Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'.
- CVE-2019-1292Sep 11, 2019risk 0.00cvss —epss 0.05
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
- CVE-2019-1294Sep 11, 2019risk 0.00cvss —epss 0.01
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
- CVE-2019-1293Sep 11, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.
- CVE-2019-1303Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID…
- CVE-2019-1289Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.
- CVE-2019-1274Sep 11, 2019risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.
- CVE-2019-1272Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC…
- CVE-2019-1284Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
- CVE-2019-1270Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.
- CVE-2019-1285Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256.
- CVE-2019-1268Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.
- CVE-2019-1278Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303.
- CVE-2019-1269Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC…
- CVE-2019-1282Sep 11, 2019risk 0.00cvss —epss 0.01
An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.
- CVE-2019-1271Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'.
- CVE-2019-1283Sep 11, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
- CVE-2019-1273Sep 11, 2019risk 0.00cvss —epss 0.01
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
- CVE-2019-1277Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.
Page 103 of 120