Windows
by Microsoft
CVEs (2,526)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-20690 | | Med | 0.42 | 6.5 | 0.01 | | Jan 9, 2024 | Windows Nearby Sharing Spoofing Vulnerability |
| CVE-2023-35329 | | Med | 0.42 | 6.5 | 0.02 | | Jul 11, 2023 | Windows Authentication Denial of Service Vulnerability |
| CVE-2023-32037 | | Med | 0.42 | 6.5 | 0.01 | | Jul 11, 2023 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability |
| CVE-2023-29352 | | Med | 0.42 | 6.5 | 0.01 | | Jun 14, 2023 | Windows Remote Desktop Security Feature Bypass Vulnerability |
| CVE-2022-35770 | | Med | 0.42 | 6.5 | 0.01 | | Oct 11, 2022 | Windows NTLM Spoofing Vulnerability |
| CVE-2021-40460 | | Med | 0.42 | 6.5 | 0.02 | | Oct 13, 2021 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability |
| CVE-2021-38624 | | Med | 0.42 | 6.5 | 0.01 | | Sep 15, 2021 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
| CVE-2019-4732 | | Med | 0.42 | 6.5 | 0.01 | | Feb 3, 2020 | IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows… |
| CVE-2017-0174 | | Med | 0.42 | 6.5 | 0.03 | | Aug 8, 2017 | Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka… |
| CVE-2016-3371 | | Med | 0.42 | 5.5 | 0.40 | | Sep 14, 2016 | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive… |
| CVE-2020-16910 | | Med | 0.41 | 6.2 | 0.03 | | Oct 16, 2020 | A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an… |
| CVE-2019-3588 | | Med | 0.41 | 6.3 | 0.00 | | Jun 10, 2020 | Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. |
| CVE-2018-0833 | | Med | 0.41 | 5.3 | 0.41 | | Feb 15, 2018 | The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability". |
| CVE-2017-0061 | | Med | 0.41 | 5.3 | 0.43 | | Mar 17, 2017 | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka… |
| CVE-2017-0055 | | Med | 0.41 | 6.1 | 0.16 | | Mar 17, 2017 | Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site… |
| CVE-2022-21839 | | Med | 0.40 | 6.1 | 0.02 | | Jan 11, 2022 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability |
| CVE-2020-1055 | | Med | 0.40 | 6.1 | 0.02 | | May 21, 2020 | A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'. |
| CVE-2019-1470 | | Med | 0.40 | 6.0 | 0.06 | | Dec 10, 2019 | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. |
| CVE-2019-1399 | | Med | 0.40 | 6.2 | 0.02 | | Nov 12, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309,… |
| CVE-2019-0928 | | Med | 0.40 | 6.2 | 0.02 | | Sep 11, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. |