Windows 10 1909
by Microsoft
CVEs (3,248)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0095 | Hig | 0.51 | 7.8 | 0.04 | Mar 9, 2016 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k… | ||
| CVE-2016-0048 | Hig | 0.51 | 7.8 | 0.02 | Feb 10, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k… | ||
| CVE-2016-0042 | Hig | 0.51 | 7.8 | 0.06 | Feb 10, 2016 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows… | ||
| CVE-2016-0014 | Hig | 0.51 | 7.8 | 0.02 | Jan 13, 2016 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted… | ||
| CVE-2016-0006 | Hig | 0.51 | 7.3 | 0.04 | Jan 13, 2016 | The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to… | ||
| CVE-2013-3900 | Med | 0.51 | 5.5 | 0.45 | KEV | Dec 11, 2013 | Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows… | |
| CVE-2025-59200 | Hig | 0.50 | 7.7 | 0.01 | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. | ||
| CVE-2025-53722 | Hig | 0.50 | 7.5 | 0.17 | Aug 12, 2025 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-47984 | Hig | 0.50 | 7.5 | 0.14 | Jul 8, 2025 | Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29833 | Hig | 0.50 | 7.7 | 0.00 | May 13, 2025 | Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. | ||
| CVE-2023-21752 | Hig | 0.50 | 7.1 | 0.05 | Jan 10, 2023 | Windows Backup Service Elevation of Privilege Vulnerability | ||
| CVE-2021-40463 | Hig | 0.50 | 7.7 | 0.02 | Oct 13, 2021 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2021-26416 | Hig | 0.50 | 7.7 | 0.04 | Apr 13, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1692 | Hig | 0.50 | 7.7 | 0.04 | Jan 12, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1691 | Hig | 0.50 | 7.7 | 0.04 | Jan 12, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1638 | Hig | 0.50 | 7.7 | 0.01 | Jan 12, 2021 | Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that… | ||
| CVE-2020-17096 | Hig | 0.50 | 7.5 | 0.19 | Dec 10, 2020 | Windows NTFS Remote Code Execution Vulnerability | ||
| CVE-2020-16997 | Hig | 0.50 | 7.7 | 0.04 | Nov 11, 2020 | Remote Desktop Protocol Server Information Disclosure Vulnerability | ||
| CVE-2020-16899 | Hig | 0.50 | 7.5 | 0.13 | Oct 16, 2020 | A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an… | ||
| CVE-2020-16896 | Hig | 0.50 | 7.5 | 0.10 | Oct 16, 2020 | An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further… |
- risk 0.51cvss 7.8epss 0.04
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k…
- risk 0.51cvss 7.8epss 0.02
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…
- risk 0.51cvss 7.8epss 0.06
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows…
- risk 0.51cvss 7.8epss 0.02
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted…
- risk 0.51cvss 7.3epss 0.04
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to…
- risk 0.51cvss 5.5epss 0.45
Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows…
- risk 0.50cvss 7.7epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
- risk 0.50cvss 7.5epss 0.17
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
- risk 0.50cvss 7.5epss 0.14
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
- risk 0.50cvss 7.7epss 0.00
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.
- risk 0.50cvss 7.1epss 0.05
Windows Backup Service Elevation of Privilege Vulnerability
- risk 0.50cvss 7.7epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.01
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that…
- risk 0.50cvss 7.5epss 0.19
Windows NTFS Remote Code Execution Vulnerability
- risk 0.50cvss 7.7epss 0.04
Remote Desktop Protocol Server Information Disclosure Vulnerability
- risk 0.50cvss 7.5epss 0.13
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an…
- risk 0.50cvss 7.5epss 0.10
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further…
Page 85 of 163