Windows 10 1809
by Microsoft
CVEs (3,304)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-38545 | Cri | 0.66 | 9.8 | 0.78 | Oct 18, 2023 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255… | ||
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2026-47291 | Cri | 0.64 | 9.8 | 0.22 | Jun 9, 2026 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-44815 | Cri | 0.64 | 9.8 | 0.01 | Jun 9, 2026 | Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-33824 | Cri | 0.64 | 9.8 | 0.56 | Apr 14, 2026 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-60724 | Cri | 0.64 | 9.8 | 0.06 | Nov 11, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-53766 | Cri | 0.64 | 9.8 | 0.07 | Aug 12, 2025 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | ||
| CVE-2023-36424 | Hig | 0.63 | 7.8 | 0.12 | KEV | Nov 14, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | |
| CVE-2026-45602 | Cri | 0.59 | 9.1 | 0.00 | Jun 9, 2026 | No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network. | ||
| CVE-2026-47653 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47289 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42985 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-40403 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||
| CVE-2026-34329 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | ||
| CVE-2026-32225 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-32157 | Hig | 0.57 | 8.8 | 0.01 | Apr 14, 2026 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-26178 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-26167 | Hig | 0.57 | 8.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45607 | Hig | 0.55 | 8.4 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32162 | Hig | 0.55 | 8.4 | 0.02 | Apr 14, 2026 | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. |
- risk 0.66cvss 9.8epss 0.78
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255…
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- risk 0.64cvss 9.8epss 0.22
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.01
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.56
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.06
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
- risk 0.64cvss 9.8epss 0.07
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
- risk 0.63cvss 7.8epss 0.12
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.59cvss 9.1epss 0.00
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- risk 0.57cvss 8.8epss 0.00
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
- risk 0.57cvss 8.8epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.57cvss 8.8epss 0.01
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
- risk 0.57cvss 8.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
- risk 0.55cvss 8.4epss 0.00
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.55cvss 8.4epss 0.02
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
Page 1 of 166