Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2524 | 0.03 | — | 0.03 | Sep 9, 2015 | Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege… | |||
| CVE-2015-2508 | 0.03 | — | 0.04 | Sep 9, 2015 | The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability." | |||
| CVE-2025-53145 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-53144 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-27473 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-21277 | 0.02 | — | 0.38 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2024-43582 | 0.02 | — | 0.03 | Oct 8, 2024 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | |||
| CVE-2024-30090 | 0.02 | — | 0.02 | Jun 11, 2024 | Microsoft Streaming Service Elevation of Privilege Vulnerability | |||
| CVE-2024-30078 | 0.02 | — | 0.05 | Jun 11, 2024 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | |||
| CVE-2024-26218 | 0.02 | — | 0.13 | Apr 9, 2024 | Windows Kernel Elevation of Privilege Vulnerability | |||
| CVE-2015-2435 | 0.02 | — | 0.22 | Aug 15, 2015 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1,… | |||
| CVE-2025-53143 | 0.01 | — | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47984 | 0.01 | — | 0.14 | Jul 8, 2025 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2025-33057 | 0.01 | — | 0.01 | Jun 10, 2025 | Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. | |||
| CVE-2025-27469 | 0.01 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26673 | 0.01 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-26641 | 0.01 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-21181 | 0.01 | — | 0.03 | Feb 11, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2025-21351 | 0.01 | — | 0.02 | Feb 11, 2025 | Windows Active Directory Domain Services API Denial of Service Vulnerability | |||
| CVE-2025-21409 | 0.01 | — | 0.01 | Jan 14, 2025 | Windows Telephony Service Remote Code Execution Vulnerability |
- CVE-2015-2524Sep 9, 2015risk 0.03cvss —epss 0.03
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege…
- CVE-2015-2508Sep 9, 2015risk 0.03cvss —epss 0.04
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
- CVE-2025-53145Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-53144Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-27473Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- CVE-2025-21277Jan 14, 2025risk 0.02cvss —epss 0.38
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2024-43582Oct 8, 2024risk 0.02cvss —epss 0.03
Remote Desktop Protocol Server Remote Code Execution Vulnerability
- CVE-2024-30090Jun 11, 2024risk 0.02cvss —epss 0.02
Microsoft Streaming Service Elevation of Privilege Vulnerability
- CVE-2024-30078Jun 11, 2024risk 0.02cvss —epss 0.05
Windows Wi-Fi Driver Remote Code Execution Vulnerability
- CVE-2024-26218Apr 9, 2024risk 0.02cvss —epss 0.13
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2015-2435Aug 15, 2015risk 0.02cvss —epss 0.22
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1,…
- CVE-2025-53143Aug 12, 2025risk 0.01cvss —epss 0.01
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-47984Jul 8, 2025risk 0.01cvss —epss 0.14
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
- CVE-2025-33057Jun 10, 2025risk 0.01cvss —epss 0.01
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
- CVE-2025-27469Apr 8, 2025risk 0.01cvss —epss 0.02
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- CVE-2025-26673Apr 8, 2025risk 0.01cvss —epss 0.02
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- CVE-2025-26641Apr 8, 2025risk 0.01cvss —epss 0.02
Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network.
- CVE-2025-21181Feb 11, 2025risk 0.01cvss —epss 0.03
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2025-21351Feb 11, 2025risk 0.01cvss —epss 0.02
Windows Active Directory Domain Services API Denial of Service Vulnerability
- CVE-2025-21409Jan 14, 2025risk 0.01cvss —epss 0.01
Windows Telephony Service Remote Code Execution Vulnerability
Page 113 of 171