CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows 10 : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-6095 255 Bypass 2015-11-11 2019-05-17
4.9
None Local Low Not required None Complete None
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass."
2 CVE-2017-8515 DoS 2017-06-15 2019-10-03
4.9
None Local Low Not required None None Complete
Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability".
3 CVE-2017-8703 119 DoS Overflow 2017-10-13 2017-10-27
4.9
None Local Low Not required None None Complete
The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".
4 CVE-2017-8704 20 DoS 2017-09-13 2017-09-21
4.9
None Local Low Not required None None Complete
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability".
5 CVE-2018-8205 DoS 2018-06-14 2020-08-24
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
6 CVE-2018-8309 DoS 2018-07-11 2020-08-24
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
7 CVE-2018-8649 DoS 2018-12-12 2020-08-24
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 10, Windows Server 2019.
8 CVE-2019-0754 DoS 2019-04-09 2020-08-24
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
9 CVE-2019-1325 2019-10-10 2020-08-24
4.9
None Local Low Not required None None Complete
An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'.
10 CVE-2019-1391 DoS 2019-11-12 2020-08-24
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207.
11 CVE-2020-0616 59 DoS 2020-01-14 2020-01-17
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
12 CVE-2020-0617 20 DoS 2020-01-14 2020-01-22
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'.
13 CVE-2020-0728 2020-02-11 2022-01-01
4.9
None Local Low Not required Complete None None
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
14 CVE-2020-0794 20 DoS 2020-04-15 2021-07-21
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
15 CVE-2020-0890 269 DoS 2020-09-11 2021-07-21
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904.
16 CVE-2020-1038 DoS 2020-09-11 2020-09-15
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'.
17 CVE-2020-1120 20 DoS 2020-06-09 2021-07-21
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1244.
18 CVE-2020-1194 20 DoS 2020-06-09 2021-07-21
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'.
19 CVE-2020-16940 269 2020-10-16 2020-10-21
4.9
None Local Low Not required None None Complete
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka 'Windows - User Profile Service Elevation of Privilege Vulnerability'.
20 CVE-2020-17029 200 +Info 2020-11-11 2021-07-21
4.9
None Local Low Not required Complete None None
Windows Canonical Display Driver Information Disclosure Vulnerability
21 CVE-2020-17030 200 +Info 2020-11-11 2021-07-21
4.9
None Local Low Not required Complete None None
Windows MSCTF Server Information Disclosure Vulnerability
22 CVE-2020-17036 200 +Info 2020-11-11 2021-07-21
4.9
None Local Low Not required Complete None None
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
23 CVE-2020-17045 200 +Info 2020-11-11 2021-07-21
4.9
None Local Low Not required Complete None None
Windows KernelStream Information Disclosure Vulnerability
24 CVE-2020-17046 DoS 2020-11-11 2020-11-19
4.9
None Local Low Not required None None Complete
Windows Error Reporting Denial of Service Vulnerability
25 CVE-2021-24084 200 +Info 2021-02-25 2021-03-04
4.9
None Local Low Not required Complete None None
Windows Mobile Device Management Information Disclosure Vulnerability
26 CVE-2021-34491 2021-07-14 2021-07-19
4.9
None Local Low Not required Complete None None
Win32k Information Disclosure Vulnerability
27 CVE-2021-36962 2021-09-15 2021-09-24
4.9
None Local Low Not required Complete None None
Windows Installer Information Disclosure Vulnerability
28 CVE-2021-38662 2021-10-13 2021-10-19
4.9
None Local Low Not required Complete None None
Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41343.
29 CVE-2021-43244 2021-12-15 2021-12-29
4.9
None Local Low Not required Complete None None
Windows Kernel Information Disclosure Vulnerability
30 CVE-2021-43246 400 DoS 2021-12-15 2022-01-01
4.9
None Local Low Not required None None Complete
Windows Hyper-V Denial of Service Vulnerability
31 CVE-2022-21847 400 DoS 2022-01-11 2022-01-14
4.9
None Local Low Not required None None Complete
Windows Hyper-V Denial of Service Vulnerability.
32 CVE-2022-21876 125 2022-01-11 2022-01-18
4.9
None Local Low Not required Complete None None
Win32k Information Disclosure Vulnerability.
33 CVE-2022-21877 125 2022-01-11 2022-01-18
4.9
None Local Low Not required Complete None None
Storage Spaces Controller Information Disclosure Vulnerability.
34 CVE-2021-31182 2021-05-11 2021-05-18
4.8
None Local Network Low Not required Partial Partial None
Microsoft Bluetooth Driver Spoofing Vulnerability
35 CVE-2015-2453 200 +Info 2015-08-15 2019-05-15
4.7
None Local Medium Not required Complete None None
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka "Windows CSRSS Elevation of Privilege Vulnerability."
36 CVE-2017-8627 119 DoS Overflow 2017-08-08 2017-08-14
4.7
None Local Medium Not required None None Complete
Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".
37 CVE-2017-11831 200 +Info 2017-11-15 2017-11-30
4.7
None Local Medium Not required Complete None None
Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880.
38 CVE-2018-0888 20 2018-03-14 2020-08-24
4.7
None Local Medium Not required Complete None None
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability".
39 CVE-2016-3305 19 +Priv 2016-09-14 2019-05-15
4.6
None Local Low Not required Partial Partial Partial
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306.
40 CVE-2016-3306 19 +Priv 2016-09-14 2019-05-15
4.6
None Local Low Not required Partial Partial Partial
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305.
41 CVE-2016-7271 264 Bypass 2016-12-20 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability."
42 CVE-2017-0102 119 Overflow +Priv 2017-03-17 2017-07-12
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka "Windows Elevation of Privilege Vulnerability."
43 CVE-2017-0173 Bypass 2017-06-15 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
44 CVE-2017-0193 755 +Priv 2017-06-15 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".
45 CVE-2017-0215 668 Bypass 2017-06-15 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
46 CVE-2017-0216 Bypass 2017-06-15 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219.
47 CVE-2017-0218 Bypass 2017-06-15 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219.
48 CVE-2017-0219 Bypass 2017-06-15 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218.
49 CVE-2017-8590 281 2017-07-11 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".
50 CVE-2017-8715 Bypass 2017-10-13 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
Total number of vulnerabilities : 728   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.