Windows 10 1809
by Microsoft
CVEs (3,332)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27930 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-20806 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | ||
| CVE-2026-25180 | Med | 0.36 | 5.5 | 0.01 | Mar 10, 2026 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-53799 | Med | 0.36 | 5.5 | 0.01 | Sep 9, 2025 | Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. | ||
| CVE-2017-11829 | Med | 0.36 | 5.5 | 0.04 | Oct 13, 2017 | Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | ||
| CVE-2017-0295 | Med | 0.36 | 5.5 | 0.01 | Jun 15, 2017 | Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". | ||
| CVE-2017-0289 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure… | ||
| CVE-2017-0288 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure… | ||
| CVE-2017-0286 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure… | ||
| CVE-2017-0284 | Med | 0.36 | 5.0 | 0.03 | Jun 15, 2017 | Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory… | ||
| CVE-2016-0079 | Med | 0.36 | 5.0 | 0.05 | Oct 14, 2016 | The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability." | ||
| CVE-2026-45595 | Med | 0.35 | 5.4 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2026-35423 | Med | 0.35 | 5.4 | 0.01 | May 12, 2026 | Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2017-0219 | Med | 0.35 | 5.3 | 0.01 | Jun 15, 2017 | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard… | ||
| CVE-2017-0218 | Med | 0.35 | 5.3 | 0.02 | Jun 15, 2017 | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard… | ||
| CVE-2017-0216 | Med | 0.35 | 5.3 | 0.01 | Jun 15, 2017 | Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity… | ||
| CVE-2017-0051 | Med | 0.35 | 5.4 | 0.03 | Mar 17, 2017 | Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in… | ||
| CVE-2026-45655 | Med | 0.34 | 5.3 | 0.00 | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-42914 | Med | 0.34 | 5.3 | 0.01 | Jun 9, 2026 | Windows Kerberos Denial of Service Vulnerability | ||
| CVE-2017-0190 | Med | 0.32 | 4.4 | 0.43 | May 12, 2017 | The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a… |
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.04
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.
- risk 0.36cvss 5.5epss 0.01
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability".
- risk 0.36cvss 5.0epss 0.03
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure…
- risk 0.36cvss 5.0epss 0.03
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure…
- risk 0.36cvss 5.0epss 0.03
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure…
- risk 0.36cvss 5.0epss 0.03
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory…
- risk 0.36cvss 5.0epss 0.05
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
- risk 0.35cvss 5.4epss 0.00
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.35cvss 5.4epss 0.01
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
- risk 0.35cvss 5.3epss 0.01
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard…
- risk 0.35cvss 5.3epss 0.02
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard…
- risk 0.35cvss 5.3epss 0.01
Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity…
- risk 0.35cvss 5.4epss 0.03
Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in…
- risk 0.34cvss 5.3epss 0.00
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.34cvss 5.3epss 0.01
Windows Kerberos Denial of Service Vulnerability
- risk 0.32cvss 4.4epss 0.43
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a…
Page 13 of 167