Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 10
Total 4155 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41345 1 Microsoft 8 Windows 10, Windows 11, Windows 8.1 and 5 more 2024-07-03 7.2 HIGH 7.8 HIGH
Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2021-31970 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2024-07-03 2.1 LOW 5.5 MEDIUM
Windows TCP/IP Driver Security Feature Bypass Vulnerability
CVE-2021-31955 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-07-03 2.1 LOW 5.5 MEDIUM
Windows Kernel Information Disclosure Vulnerability
CVE-2021-31954 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-07-03 7.2 HIGH 7.8 HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2019-1227 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-07-03 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
CVE-2019-1194 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-07-03 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
CVE-2019-1193 1 Microsoft 10 Edge, Internet Explorer, Windows 10 and 7 more 2024-07-03 7.6 HIGH 6.4 MEDIUM
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.
CVE-2019-1188 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-07-03 9.3 HIGH 7.5 HIGH
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system. The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
CVE-2019-1185 1 Microsoft 2 Windows 10, Windows Server 2016 2024-07-03 4.6 MEDIUM 7.3 HIGH
An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
CVE-2019-1177 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-07-03 4.6 MEDIUM 7.0 HIGH
An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory.
CVE-2019-1175 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-07-03 4.6 MEDIUM 7.0 HIGH
An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory.
CVE-2019-1174 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-07-03 4.6 MEDIUM 7.0 HIGH
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
CVE-2019-1162 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-07-03 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
CVE-2019-1157 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-07-03 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
CVE-2019-1150 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-07-03 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
CVE-2019-1057 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-07-03 9.3 HIGH 7.5 HIGH
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
CVE-2016-0165 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-06-27 7.2 HIGH 7.8 HIGH
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.
CVE-2023-29412 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2024-06-12 N/A 9.8 CRITICAL
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
CVE-2019-1226 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-05-29 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
CVE-2019-1225 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-05-29 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.