Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42904 | Cri | 0.62 | 9.6 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2026-45602 | Cri | 0.59 | 9.1 | 0.00 | Jun 9, 2026 | No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2018-8350 | Hig | 0.59 | 8.8 | 0.19 | Aug 15, 2018 | A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10. | ||
| CVE-2026-47653 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47289 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42985 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40403 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||
| CVE-2026-34329 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | ||
| CVE-2026-32225 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-32157 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-26178 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-26167 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45641 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45607 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32162 | Hig | 0.55 | 8.4 | 0.02 | Apr 14, 2026 | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-32091 | Hig | 0.55 | 8.4 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2018-0877 | Hig | 0.54 | 7.8 | 0.03 | Mar 14, 2018 | The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege… | ||
| CVE-2016-3219 | Hig | 0.54 | 7.8 | 0.06 | Jun 16, 2016 | The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||
| CVE-2026-45635 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45599 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. |
- risk 0.62cvss 9.6epss 0.00
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
- risk 0.59cvss 9.1epss 0.00
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
- risk 0.59cvss 8.8epss 0.19
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
- risk 0.57cvss 8.8epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.57cvss 8.8epss 0.01
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.02
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
- risk 0.54cvss 7.8epss 0.03
The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege…
- risk 0.54cvss 7.8epss 0.06
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
- risk 0.53cvss 8.1epss 0.01
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
- risk 0.53cvss 8.1epss 0.01
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Page 2 of 171