Windows 10 1909
by Microsoft
CVEs (3,248)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8652 | Med | 0.47 | 6.5 | 0.23 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from… | ||
| CVE-2017-8588 | Hig | 0.47 | 7.0 | 0.17 | Jul 11, 2017 | Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially… | ||
| CVE-2016-3319 | Hig | 0.47 | 7.0 | 0.19 | Aug 9, 2016 | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | ||
| CVE-2025-53718 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53147 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53140 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53137 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53135 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-53134 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50167 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-50158 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-49762 | Hig | 0.46 | 7.0 | 0.00 | Aug 12, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49727 | Hig | 0.46 | 7.0 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49678 | Hig | 0.46 | 7.0 | 0.00 | Jul 8, 2025 | Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48821 | Hig | 0.46 | 7.1 | 0.00 | Jul 8, 2025 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-48819 | Hig | 0.46 | 7.1 | 0.00 | Jul 8, 2025 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-47975 | Hig | 0.46 | 7.0 | 0.00 | Jul 8, 2025 | Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-27468 | Hig | 0.46 | 7.0 | 0.00 | May 13, 2025 | Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-29809 | Hig | 0.46 | 7.1 | 0.04 | Apr 8, 2025 | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2025-27732 | Hig | 0.46 | 7.0 | 0.00 | Apr 8, 2025 | Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
- risk 0.47cvss 6.5epss 0.23
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from…
- risk 0.47cvss 7.0epss 0.17
Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially…
- risk 0.47cvss 7.0epss 0.19
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.46cvss 7.1epss 0.00
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.46cvss 7.0epss 0.00
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.0epss 0.00
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.04
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
- risk 0.46cvss 7.0epss 0.00
Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Page 100 of 163