Windows
by Microsoft
CVEs (2,494)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0162 | Hig | 0.50 | 7.6 | 0.03 | Apr 12, 2017 | A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V… | ||
| CVE-2017-0158 | Hig | 0.50 | 7.5 | 0.13 | Apr 12, 2017 | An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." | ||
| CVE-2017-0109 | Hig | 0.50 | 7.6 | 0.05 | Mar 17, 2017 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,… | ||
| CVE-2017-0095 | Hig | 0.50 | 7.6 | 0.04 | Mar 17, 2017 | Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from… | ||
| CVE-2017-0075 | Hig | 0.50 | 7.6 | 0.13 | Mar 17, 2017 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,… | ||
| CVE-2016-7237 | Med | 0.50 | 6.5 | 0.65 | Nov 10, 2016 | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote… | ||
| CVE-2016-3375 | Hig | 0.50 | 7.5 | 0.17 | Sep 14, 2016 | The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow… | ||
| CVE-2016-3369 | Hig | 0.50 | 7.5 | 0.12 | Sep 14, 2016 | Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability." | ||
| CVE-2025-26687 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2025 | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2023-36585 | Hig | 0.49 | 7.5 | 0.03 | Oct 10, 2023 | Windows upnphost.dll Denial of Service Vulnerability | ||
| CVE-2023-35330 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2023 | Windows Extended Negotiation Denial of Service Vulnerability | ||
| CVE-2023-24940 | Hig | 0.49 | 7.5 | 0.05 | May 9, 2023 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | ||
| CVE-2023-24859 | Hig | 0.49 | 7.5 | 0.02 | Mar 14, 2023 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | ||
| CVE-2023-21683 | Hig | 0.49 | 7.5 | 0.02 | Jan 10, 2023 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | ||
| CVE-2023-21539 | Hig | 0.49 | 7.5 | 0.01 | Jan 10, 2023 | Windows Authentication Remote Code Execution Vulnerability | ||
| CVE-2022-41058 | Hig | 0.49 | 7.5 | 0.02 | Nov 9, 2022 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2022-41053 | Hig | 0.49 | 7.5 | 0.02 | Nov 9, 2022 | Windows Kerberos Denial of Service Vulnerability | ||
| CVE-2022-33645 | Hig | 0.49 | 7.5 | 0.02 | Oct 11, 2022 | Windows TCP/IP Driver Denial of Service Vulnerability | ||
| CVE-2022-22037 | Hig | 0.49 | 7.5 | 0.02 | Jul 12, 2022 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | ||
| CVE-2022-30145 | Hig | 0.49 | 7.5 | 0.02 | Jun 15, 2022 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V…
- risk 0.50cvss 7.5epss 0.13
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."
- risk 0.50cvss 7.6epss 0.05
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,…
- risk 0.50cvss 7.6epss 0.04
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from…
- risk 0.50cvss 7.6epss 0.13
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,…
- risk 0.50cvss 6.5epss 0.65
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote…
- risk 0.50cvss 7.5epss 0.17
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow…
- risk 0.50cvss 7.5epss 0.12
Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
- risk 0.49cvss 7.5epss 0.01
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.03
Windows upnphost.dll Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Extended Negotiation Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.05
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.01
Windows Authentication Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Kerberos Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows TCP/IP Driver Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
Page 51 of 125