Windows
by Microsoft
CVEs (2,494)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0191 | | Med | 0.38 | 5.8 | 0.05 | | Apr 12, 2017 | A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could… |
| CVE-2016-3263 | | Med | 0.38 | 5.5 | 0.32 | | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… |
| CVE-2016-3262 | | Med | 0.38 | 5.5 | 0.32 | | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… |
| CVE-2016-3215 | | Med | 0.38 | 5.5 | 0.34 | | Jun 16, 2016 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability… |
| CVE-2020-1599 | | Med | 0.37 | 5.5 | 0.19 | | Nov 11, 2020 | Windows Spoofing Vulnerability |
| CVE-2017-11853 | | Med | 0.37 | 5.5 | 0.11 | | Nov 15, 2017 | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted… |
| CVE-2017-11816 | | Med | 0.37 | 5.5 | 0.20 | | Oct 13, 2017 | The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure… |
| CVE-2017-8710 | | Med | 0.37 | 5.5 | 0.10 | | Sep 13, 2017 | The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input… |
| CVE-2017-0007 | | Med | 0.37 | 5.5 | 0.11 | | Mar 17, 2017 | Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." |
| CVE-2026-32181 | | Med | 0.36 | 5.5 | 0.00 | | Apr 14, 2026 | Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. |
| CVE-2026-2636 | | Med | 0.36 | 5.5 | 0.00 | | Feb 25, 2026 | This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger… |
| CVE-2023-33174 | | Med | 0.36 | 5.5 | 0.01 | | Jul 11, 2023 | Windows Cryptographic Information Disclosure Vulnerability |
| CVE-2023-28228 | | Med | 0.36 | 5.5 | 0.00 | | Apr 11, 2023 | Windows Spoofing Vulnerability |
| CVE-2023-21559 | | Med | 0.36 | 5.5 | 0.01 | | Jan 10, 2023 | Windows Cryptographic Information Disclosure Vulnerability |
| CVE-2023-21550 | | Med | 0.36 | 5.5 | 0.01 | | Jan 10, 2023 | Windows Cryptographic Information Disclosure Vulnerability |
| CVE-2023-21540 | | Med | 0.36 | 5.5 | 0.01 | | Jan 10, 2023 | Windows Cryptographic Information Disclosure Vulnerability |
| CVE-2022-41055 | | Med | 0.36 | 5.5 | 0.01 | | Nov 9, 2022 | Windows Human Interface Device Information Disclosure Vulnerability |
| CVE-2022-35832 | | Med | 0.36 | 5.5 | 0.01 | | Sep 13, 2022 | Windows Event Tracing Denial of Service Vulnerability |
| CVE-2022-26933 | | Med | 0.36 | 5.5 | 0.01 | | May 10, 2022 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2022-21985 | | Med | 0.36 | 5.5 | 0.01 | | Feb 9, 2022 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |