Windows 10 1909
by Microsoft
CVEs (3,248)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0158 | Hig | 0.50 | 7.5 | 0.13 | Apr 12, 2017 | An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." | ||
| CVE-2017-0109 | Hig | 0.50 | 7.6 | 0.05 | Mar 17, 2017 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,… | ||
| CVE-2017-0095 | Hig | 0.50 | 7.6 | 0.04 | Mar 17, 2017 | Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from… | ||
| CVE-2017-0075 | Hig | 0.50 | 7.6 | 0.13 | Mar 17, 2017 | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,… | ||
| CVE-2017-0014 | Hig | 0.50 | 7.5 | 0.18 | Mar 17, 2017 | The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a… | ||
| CVE-2016-7237 | Med | 0.50 | 6.5 | 0.65 | Nov 10, 2016 | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote… | ||
| CVE-2016-3375 | Hig | 0.50 | 7.5 | 0.17 | Sep 14, 2016 | The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow… | ||
| CVE-2016-3369 | Hig | 0.50 | 7.5 | 0.12 | Sep 14, 2016 | Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability." | ||
| CVE-2025-58726 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2025 | Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-49744 | Hig | 0.49 | 7.0 | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-33056 | Hig | 0.49 | 7.5 | 0.01 | Jun 10, 2025 | Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-32724 | Hig | 0.49 | 7.5 | 0.02 | Jun 10, 2025 | Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-29969 | Hig | 0.49 | 7.5 | 0.01 | May 13, 2025 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. | ||
| CVE-2025-29842 | Hig | 0.49 | 7.5 | 0.00 | May 13, 2025 | Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2025-29810 | Hig | 0.49 | 7.5 | 0.02 | Apr 8, 2025 | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-27484 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2025 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-27473 | Hig | 0.49 | 7.5 | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-27469 | Hig | 0.49 | 7.5 | 0.02 | Apr 8, 2025 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-26687 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2025 | Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-26686 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2025 | Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
- risk 0.50cvss 7.5epss 0.13
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."
- risk 0.50cvss 7.6epss 0.05
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,…
- risk 0.50cvss 7.6epss 0.04
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from…
- risk 0.50cvss 7.6epss 0.13
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application,…
- risk 0.50cvss 7.5epss 0.18
The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a…
- risk 0.50cvss 6.5epss 0.65
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote…
- risk 0.50cvss 7.5epss 0.17
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow…
- risk 0.50cvss 7.5epss 0.12
Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
- risk 0.49cvss 7.5epss 0.01
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.0epss 0.01
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.02
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.
- risk 0.49cvss 7.5epss 0.02
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.02
Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.02
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Page 87 of 163