CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows 10 : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-0128 254 2016-04-12 2019-09-27
5.8
None Remote Medium Not required Partial Partial None
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."
2 CVE-2020-0601 295 2020-01-14 2020-01-16
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
3 CVE-2020-1244 DoS 2020-06-09 2020-06-12
5.8
None Remote Medium Not required None Partial Partial
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1120.
4 CVE-2020-16898 Exec Code 2020-10-16 2020-10-23
5.8
None Local Network Low Not required Partial Partial Partial
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.
5 CVE-2021-34492 2021-07-14 2021-07-19
5.8
None Remote Medium Not required Partial Partial None
Windows Certificate Spoofing Vulnerability
6 CVE-2021-36967 269 2021-09-15 2021-09-26
5.8
None Local Network Low Not required Partial Partial Partial
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
7 CVE-2019-1317 59 DoS 2019-10-10 2019-10-11
5.6
None Local Low Not required None Partial Complete
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
8 CVE-2020-0786 20 DoS 2020-03-12 2021-07-21
5.6
None Local Low Not required None Partial Complete
A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'.
9 CVE-2018-8436 20 DoS 2018-09-13 2018-11-02
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438.
10 CVE-2018-8437 20 DoS 2018-09-13 2018-11-02
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438.
11 CVE-2019-0635 20 2019-03-05 2020-08-24
5.5
None Local Network Low ??? Complete None None
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
12 CVE-2019-0690 20 DoS 2019-04-09 2019-05-08
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701.
13 CVE-2019-0695 20 DoS 2019-04-09 2019-04-09
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701.
14 CVE-2019-0701 20 DoS 2019-04-09 2019-04-09
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695.
15 CVE-2019-0710 20 DoS 2019-06-12 2019-06-12
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0711, CVE-2019-0713.
16 CVE-2019-0711 20 DoS 2019-06-12 2019-06-12
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0713.
17 CVE-2019-0713 20 DoS 2019-06-12 2019-06-12
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0711.
18 CVE-2019-0714 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.
19 CVE-2019-0715 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.
20 CVE-2019-0717 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723.
21 CVE-2019-0718 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0723.
22 CVE-2019-0723 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718.
23 CVE-2019-0928 20 DoS 2019-09-11 2019-09-12
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
24 CVE-2019-0966 20 DoS 2019-07-15 2019-07-18
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
25 CVE-2019-1399 20 DoS 2019-11-12 2019-11-13
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310.
26 CVE-2020-0661 20 DoS 2020-02-11 2020-02-13
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751.
27 CVE-2021-33781 Bypass 2021-07-14 2021-07-17
5.5
None Remote Low ??? Partial Partial None
Azure AD Security Feature Bypass Vulnerability
28 CVE-2017-0212 20 2017-05-12 2019-10-03
5.4
None Local Network Medium Not required Partial Partial Partial
Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".
29 CVE-2018-1040 DoS 2018-06-14 2019-10-03
5.4
None Remote High Not required None None Complete
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
30 CVE-2022-21924 Bypass 2022-01-11 2022-01-21
5.4
None Remote High Not required Complete None None
Workstation Service Remote Protocol Security Feature Bypass Vulnerability.
31 CVE-2017-0178 20 DoS 2017-04-12 2017-04-18
5.2
None Local Network Medium ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.
32 CVE-2017-0184 20 DoS 2017-04-12 2017-04-18
5.2
None Local Network Medium ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186.
33 CVE-2018-8434 200 +Info 2018-09-13 2021-09-13
5.2
None Local Network Medium ??? Complete None None
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
34 CVE-2021-34537 269 2021-08-12 2021-08-20
5.2
None Local Network Low ??? Partial Partial Partial
Windows Bluetooth Driver Elevation of Privilege Vulnerability
35 CVE-2021-40461 Exec Code 2021-10-13 2021-10-19
5.2
None Local Network Low ??? Partial Partial Partial
Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38672.
36 CVE-2021-40464 269 2021-10-13 2021-11-17
5.2
None Local Network Low ??? Partial Partial Partial
Windows Nearby Sharing Elevation of Privilege Vulnerability
37 CVE-2017-8563 281 2017-07-11 2019-10-03
5.1
None Remote High Not required Partial Partial Partial
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".
38 CVE-2018-0824 502 Exec Code 2018-05-09 2019-03-12
5.1
None Remote High Not required Partial Partial Partial
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
39 CVE-2020-0611 20 Exec Code 2020-01-14 2021-07-21
5.1
None Remote High Not required Partial Partial Partial
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
40 CVE-2020-1374 119 Exec Code Overflow 2020-07-14 2021-07-21
5.1
None Remote High Not required Partial Partial Partial
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
41 CVE-2021-34534 Exec Code 2021-08-12 2021-08-23
5.1
None Remote High Not required Partial Partial Partial
Windows MSHTML Platform Remote Code Execution Vulnerability
42 CVE-2021-42279 787 Mem. Corr. 2021-11-10 2021-11-12
5.1
None Remote High Not required Partial Partial Partial
Chakra Scripting Engine Memory Corruption Vulnerability
43 CVE-2021-43233 94 Exec Code 2021-12-15 2021-12-29
5.1
None Remote High Not required Partial Partial Partial
Remote Desktop Client Remote Code Execution Vulnerability
44 CVE-2016-3209 200 Bypass +Info 2016-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
45 CVE-2016-3262 200 Bypass +Info 2016-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.
46 CVE-2016-3263 200 Bypass +Info 2016-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.
47 CVE-2016-3312 200 +Info 2016-08-09 2018-10-12
5.0
None Remote Low Not required Partial None None
ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."
48 CVE-2016-7247 284 Bypass 2016-11-10 2018-10-12
5.0
None Remote Low Not required None Partial None
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."
49 CVE-2017-11772 200 +Info 2017-10-13 2017-10-20
5.0
None Remote Low Not required Partial None None
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability".
50 CVE-2017-11788 DoS 2017-11-15 2019-10-03
5.0
None Remote Low Not required None None Partial
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".
Total number of vulnerabilities : 94   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.