Windows 10 1909
by Microsoft
CVEs (3,248)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8214 | | Hig | 0.49 | 7.0 | 0.03 | | Jun 14, 2018 | An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique… |
| CVE-2018-8208 | | Hig | 0.49 | 7.0 | 0.03 | | Jun 14, 2018 | An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique… |
| CVE-2018-0982 | | Hig | 0.49 | 7.0 | 0.03 | | Jun 14, 2018 | An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
| CVE-2018-8134 | | Hig | 0.49 | 7.0 | 0.03 | | May 9, 2018 | An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |
| CVE-2017-11788 | | Hig | 0.49 | 7.5 | 0.08 | | Nov 15, 2017 | Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially… |
| CVE-2017-8727 | | Hig | 0.49 | 7.5 | 0.08 | | Oct 13, 2017 | Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft… |
| CVE-2017-11772 | | Hig | 0.49 | 7.5 | 0.08 | | Oct 13, 2017 | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to… |
| CVE-2017-8633 | | Hig | 0.49 | 7.5 | 0.04 | | Aug 8, 2017 | Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error… |
| CVE-2017-8584 | | Hig | 0.49 | 7.5 | 0.04 | | Jul 11, 2017 | Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability." |
| CVE-2017-8495 | | Hig | 0.49 | 7.5 | 0.05 | | Jul 11, 2017 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to… |
| CVE-2017-0214 | | Hig | 0.49 | 7.0 | 0.03 | | May 12, 2017 | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly… |
| CVE-2017-0212 | | Hig | 0.49 | 7.6 | 0.01 | | May 12, 2017 | Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability". |
| CVE-2016-7247 | | Hig | 0.49 | 7.5 | 0.06 | | Nov 10, 2016 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component… |
| CVE-2016-0169 | | Med | 0.49 | 6.5 | 0.43 | | May 11, 2016 | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics… |
| CVE-2016-0168 | | Med | 0.49 | 6.5 | 0.43 | | May 11, 2016 | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics… |
| CVE-2016-0018 | | Hig | 0.49 | 7.3 | 0.14 | | Jan 13, 2016 | Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." |
| CVE-2025-55687 | | Hig | 0.48 | 7.4 | 0.00 | | Oct 14, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-55335 | | Hig | 0.48 | 7.4 | 0.00 | | Oct 14, 2025 | Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-24991 | | Med | 0.48 | 5.5 | 0.02 | KEV | Mar 11, 2025 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. |
| CVE-2025-21331 | | Hig | 0.48 | 7.3 | 0.01 | | Jan 14, 2025 | Windows Installer Elevation of Privilege Vulnerability |