Windows 10 1607
by Microsoft
CVEs (3,413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1019 | 0.03 | — | 0.15 | Jun 12, 2019 | A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this… | |||
| CVE-2019-0943 | 0.03 | — | 0.02 | Jun 12, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then… | |||
| CVE-2019-0709 | 0.03 | — | 0.04 | Jun 12, 2019 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating… | |||
| CVE-2015-6102 | 0.03 | — | 0.04 | Nov 11, 2015 | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and… | |||
| CVE-2015-2524 | 0.03 | — | 0.03 | Sep 9, 2015 | Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege… | |||
| CVE-2015-2508 | 0.03 | — | 0.04 | Sep 9, 2015 | The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability." | |||
| CVE-2025-53145 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-53144 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-27473 | 0.02 | — | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-21277 | 0.02 | — | 0.38 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2024-43582 | 0.02 | — | 0.03 | Oct 8, 2024 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | |||
| CVE-2024-30090 | 0.02 | — | 0.02 | Jun 11, 2024 | Microsoft Streaming Service Elevation of Privilege Vulnerability | |||
| CVE-2024-30078 | 0.02 | — | 0.05 | Jun 11, 2024 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | |||
| CVE-2024-26218 | 0.02 | — | 0.13 | Apr 9, 2024 | Windows Kernel Elevation of Privilege Vulnerability | |||
| CVE-2024-21306 | 0.02 | — | 0.06 | Jan 9, 2024 | Microsoft Bluetooth Driver Spoofing Vulnerability | |||
| CVE-2024-20698 | 0.02 | — | 0.09 | Jan 9, 2024 | Windows Kernel Elevation of Privilege Vulnerability | |||
| CVE-2023-41772 | 0.02 | — | 0.12 | Oct 10, 2023 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-36900 | 0.02 | — | 0.12 | Aug 8, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||
| CVE-2022-35759 | 0.02 | — | 0.02 | May 31, 2023 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | |||
| CVE-2023-29325 | 0.02 | — | 0.84 | May 9, 2023 | Windows OLE Remote Code Execution Vulnerability |
- CVE-2019-1019Jun 12, 2019risk 0.03cvss —epss 0.15
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this…
- CVE-2019-0943Jun 12, 2019risk 0.03cvss —epss 0.02
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then…
- CVE-2019-0709Jun 12, 2019risk 0.03cvss —epss 0.04
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…
- CVE-2015-6102Nov 11, 2015risk 0.03cvss —epss 0.04
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and…
- CVE-2015-2524Sep 9, 2015risk 0.03cvss —epss 0.03
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege…
- CVE-2015-2508Sep 9, 2015risk 0.03cvss —epss 0.04
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
- CVE-2025-53145Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-53144Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-27473Apr 8, 2025risk 0.02cvss —epss 0.02
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- CVE-2025-21277Jan 14, 2025risk 0.02cvss —epss 0.38
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2024-43582Oct 8, 2024risk 0.02cvss —epss 0.03
Remote Desktop Protocol Server Remote Code Execution Vulnerability
- CVE-2024-30090Jun 11, 2024risk 0.02cvss —epss 0.02
Microsoft Streaming Service Elevation of Privilege Vulnerability
- CVE-2024-30078Jun 11, 2024risk 0.02cvss —epss 0.05
Windows Wi-Fi Driver Remote Code Execution Vulnerability
- CVE-2024-26218Apr 9, 2024risk 0.02cvss —epss 0.13
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-21306Jan 9, 2024risk 0.02cvss —epss 0.06
Microsoft Bluetooth Driver Spoofing Vulnerability
- CVE-2024-20698Jan 9, 2024risk 0.02cvss —epss 0.09
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-41772Oct 10, 2023risk 0.02cvss —epss 0.12
Win32k Elevation of Privilege Vulnerability
- CVE-2023-36900Aug 8, 2023risk 0.02cvss —epss 0.12
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2022-35759May 31, 2023risk 0.02cvss —epss 0.02
Windows Local Security Authority (LSA) Denial of Service Vulnerability
- CVE-2023-29325May 9, 2023risk 0.02cvss —epss 0.84
Windows OLE Remote Code Execution Vulnerability
Page 26 of 171