Windows
by Microsoft
CVEs (2,493)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8477 | Med | 0.36 | 5.0 | 0.05 | Jun 15, 2017 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel… | ||
| CVE-2017-8476 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted… | ||
| CVE-2017-0299 | Med | 0.36 | 5.0 | 0.05 | Jun 15, 2017 | The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted… | ||
| CVE-2017-0287 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure… | ||
| CVE-2017-0285 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows… | ||
| CVE-2017-0282 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory… | ||
| CVE-2016-7295 | Med | 0.36 | 5.5 | 0.03 | Dec 20, 2016 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain… | ||
| CVE-2016-7258 | Med | 0.36 | 5.5 | 0.03 | Dec 20, 2016 | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information… | ||
| CVE-2016-7219 | Med | 0.36 | 5.5 | 0.03 | Dec 20, 2016 | The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a… | ||
| CVE-2016-0073 | Med | 0.36 | 5.0 | 0.05 | Oct 14, 2016 | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel… | ||
| CVE-2016-3299 | Med | 0.36 | 5.3 | 0.14 | Aug 9, 2016 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or… | ||
| CVE-2010-0481 | Med | 0.36 | 5.5 | 0.02 | Apr 14, 2010 | The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application,… | ||
| CVE-2008-3893 | Med | 0.36 | 5.5 | 0.01 | Sep 3, 2008 | Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this… | ||
| CVE-2021-26414 | Med | 0.35 | 4.8 | 0.50 | Jun 8, 2021 | Windows DCOM Server Security Feature Bypass | ||
| CVE-2020-16922 | Med | 0.35 | 5.3 | 0.01 | Oct 16, 2020 | A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security… | ||
| CVE-2020-1434 | Med | 0.35 | 5.3 | 0.01 | Jul 14, 2020 | An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1324 | Med | 0.35 | 5.3 | 0.04 | Nov 12, 2019 | An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | ||
| CVE-2019-1273 | Med | 0.35 | 5.4 | 0.01 | Sep 11, 2019 | A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | ||
| CVE-2019-0733 | Med | 0.35 | 5.3 | 0.01 | May 16, 2019 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | ||
| CVE-2018-8142 | Med | 0.35 | 5.3 | 0.01 | May 21, 2018 | A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. |
- risk 0.36cvss 5.0epss 0.05
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel…
- risk 0.36cvss 5.0epss 0.03
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted…
- risk 0.36cvss 5.0epss 0.05
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted…
- risk 0.36cvss 5.0epss 0.03
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure…
- risk 0.36cvss 5.0epss 0.03
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows…
- risk 0.36cvss 5.0epss 0.03
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory…
- risk 0.36cvss 5.5epss 0.03
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain…
- risk 0.36cvss 5.5epss 0.03
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information…
- risk 0.36cvss 5.5epss 0.03
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a…
- risk 0.36cvss 5.0epss 0.05
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel…
- risk 0.36cvss 5.3epss 0.14
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or…
- risk 0.36cvss 5.5epss 0.02
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application,…
- risk 0.36cvss 5.5epss 0.01
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this…
- risk 0.35cvss 4.8epss 0.50
Windows DCOM Server Security Feature Bypass
- risk 0.35cvss 5.3epss 0.01
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security…
- risk 0.35cvss 5.3epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'.
- risk 0.35cvss 5.3epss 0.04
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
- risk 0.35cvss 5.4epss 0.01
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
- risk 0.35cvss 5.3epss 0.01
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.
- risk 0.35cvss 5.3epss 0.01
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.
Page 77 of 125