Windows 10 1909
by Microsoft
CVEs (3,248)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0294 | Hig | 0.52 | 7.8 | 0.17 | Jun 15, 2017 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files,… | ||
| CVE-2017-0291 | Hig | 0.52 | 7.8 | 0.20 | Jun 15, 2017 | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID… | ||
| CVE-2016-7248 | Hig | 0.52 | 7.8 | 0.22 | Nov 10, 2016 | Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability." | ||
| CVE-2016-3343 | Hig | 0.52 | 7.8 | 0.13 | Nov 10, 2016 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain… | ||
| CVE-2016-3342 | Hig | 0.52 | 7.8 | 0.13 | Nov 10, 2016 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain… | ||
| CVE-2016-3340 | Hig | 0.52 | 7.8 | 0.13 | Nov 10, 2016 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain… | ||
| CVE-2016-0142 | Hig | 0.52 | 7.8 | 0.20 | Oct 14, 2016 | Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability." | ||
| CVE-2016-3356 | Hig | 0.52 | 7.8 | 0.19 | Sep 14, 2016 | The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability." | ||
| CVE-2016-3348 | Hig | 0.52 | 7.8 | 0.13 | Sep 14, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka… | ||
| CVE-2016-0182 | Hig | 0.52 | 7.8 | 0.20 | May 11, 2016 | Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability." | ||
| CVE-2016-0038 | Hig | 0.52 | 7.8 | 0.18 | Feb 10, 2016 | Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory… | ||
| CVE-2025-49742 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. | ||
| CVE-2025-49732 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49721 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-49689 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2025-49686 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49679 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49675 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49667 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-49665 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. |
- risk 0.52cvss 7.8epss 0.17
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files,…
- risk 0.52cvss 7.8epss 0.20
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID…
- risk 0.52cvss 7.8epss 0.22
Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."
- risk 0.52cvss 7.8epss 0.13
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain…
- risk 0.52cvss 7.8epss 0.13
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain…
- risk 0.52cvss 7.8epss 0.13
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain…
- risk 0.52cvss 7.8epss 0.20
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
- risk 0.52cvss 7.8epss 0.19
The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."
- risk 0.52cvss 7.8epss 0.13
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka…
- risk 0.52cvss 7.8epss 0.20
Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability."
- risk 0.52cvss 7.8epss 0.18
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory…
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
Page 40 of 163