Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54094 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54093 | 0.00 | — | 0.00 | Sep 9, 2025 | Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54092 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54091 | 0.00 | — | 0.00 | Sep 9, 2025 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53810 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53808 | 0.00 | — | 0.00 | Sep 9, 2025 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53807 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53804 | 0.00 | — | 0.01 | Sep 9, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. | |||
| CVE-2025-53803 | 0.00 | — | 0.01 | Sep 9, 2025 | Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | |||
| CVE-2025-53802 | 0.00 | — | 0.00 | Sep 9, 2025 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53801 | 0.00 | — | 0.00 | Sep 9, 2025 | Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53800 | 0.00 | — | 0.00 | Sep 9, 2025 | No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-55236 | 0.00 | — | 0.00 | Sep 9, 2025 | Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | |||
| CVE-2025-55228 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2025-55226 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. | |||
| CVE-2025-55223 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-54919 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2025-54918 | 0.00 | — | 0.19 | Sep 9, 2025 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-54916 | 0.00 | — | 0.02 | Sep 9, 2025 | Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | |||
| CVE-2025-54913 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. |
- CVE-2025-54094Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-54093Sep 9, 2025risk 0.00cvss —epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- CVE-2025-54092Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-54091Sep 9, 2025risk 0.00cvss —epss 0.00
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-53810Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-53808Sep 9, 2025risk 0.00cvss —epss 0.00
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-53807Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-53804Sep 9, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
- CVE-2025-53803Sep 9, 2025risk 0.00cvss —epss 0.01
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
- CVE-2025-53802Sep 9, 2025risk 0.00cvss —epss 0.00
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-53801Sep 9, 2025risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.
- CVE-2025-53800Sep 9, 2025risk 0.00cvss —epss 0.00
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-55236Sep 9, 2025risk 0.00cvss —epss 0.00
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
- CVE-2025-55228Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- CVE-2025-55226Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
- CVE-2025-55223Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-54919Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- CVE-2025-54918Sep 9, 2025risk 0.00cvss —epss 0.19
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
- CVE-2025-54916Sep 9, 2025risk 0.00cvss —epss 0.02
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
- CVE-2025-54913Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.
Page 131 of 171