Windows
by Microsoft
CVEs (2,396)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1267 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1251 | 0.00 | — | 0.02 | Sep 11, 2019 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. | |||
| CVE-2019-1254 | 0.00 | — | 0.01 | Sep 11, 2019 | An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||
| CVE-2019-1256 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | |||
| CVE-2019-1219 | 0.00 | — | 0.02 | Sep 11, 2019 | An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. | |||
| CVE-2019-1235 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1216 | 0.00 | — | 0.02 | Sep 11, 2019 | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | |||
| CVE-2019-1232 | 0.00 | — | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | |||
| CVE-2019-0928 | 0.00 | — | 0.02 | Sep 11, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||
| CVE-2019-1178 | 0.00 | — | 0.01 | Aug 14, 2019 | An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could… | |||
| CVE-2019-1188 | 0.00 | — | 0.04 | Aug 14, 2019 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured… | |||
| CVE-2019-1162 | 0.00 | — | 0.01 | Aug 14, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then… | |||
| CVE-2019-1169 | 0.00 | — | 0.01 | Aug 14, 2019 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;… | |||
| CVE-2019-1093 | 0.00 | — | 0.02 | Jul 15, 2019 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | |||
| CVE-2019-1085 | 0.00 | — | 0.01 | Jul 15, 2019 | An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1090 | 0.00 | — | 0.01 | Jul 15, 2019 | An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'. | |||
| CVE-2019-1097 | 0.00 | — | 0.02 | Jul 15, 2019 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | |||
| CVE-2019-1088 | 0.00 | — | 0.01 | Jul 15, 2019 | An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087. | |||
| CVE-2019-1091 | 0.00 | — | 0.02 | Jul 15, 2019 | An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | |||
| CVE-2019-1087 | 0.00 | — | 0.01 | Jul 15, 2019 | An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088. |
- CVE-2019-1267Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.
- CVE-2019-1251Sep 11, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245.
- CVE-2019-1254Sep 11, 2019risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
- CVE-2019-1256Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285.
- CVE-2019-1219Sep 11, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.
- CVE-2019-1235Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.
- CVE-2019-1216Sep 11, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.
- CVE-2019-1232Sep 11, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
- CVE-2019-0928Sep 11, 2019risk 0.00cvss —epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
- CVE-2019-1178Aug 14, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…
- CVE-2019-1188Aug 14, 2019risk 0.00cvss —epss 0.04
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured…
- CVE-2019-1162Aug 14, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then…
- CVE-2019-1169Aug 14, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;…
- CVE-2019-1093Jul 15, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.
- CVE-2019-1085Jul 15, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.
- CVE-2019-1090Jul 15, 2019risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrlvr.dll Elevation of Privilege Vulnerability'.
- CVE-2019-1097Jul 15, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093.
- CVE-2019-1088Jul 15, 2019risk 0.00cvss —epss 0.01
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087.
- CVE-2019-1091Jul 15, 2019risk 0.00cvss —epss 0.02
An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'.
- CVE-2019-1087Jul 15, 2019risk 0.00cvss —epss 0.01
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088.
Page 104 of 120