CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows 10 : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2020-16900 269 +Priv 2020-10-16 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.
252 CVE-2020-16892 269 Exec Code 2020-10-16 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory.An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory., aka 'Windows Image Elevation of Privilege Vulnerability'.
253 CVE-2020-16887 269 2020-10-16 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
254 CVE-2020-16885 269 2020-10-16 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka 'Windows Storage VSP Driver Elevation of Privilege Vulnerability'.
255 CVE-2020-16876 269 2020-10-16 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16920.
256 CVE-2020-15707 362 Exec Code Overflow Bypass 2020-07-29 2021-09-13
4.4
None Local Medium Not required Partial Partial Partial
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
257 CVE-2020-15706 362 Exec Code Bypass 2020-07-29 2021-05-01
4.4
None Local Medium Not required Partial Partial Partial
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
258 CVE-2020-15705 347 Bypass 2020-07-29 2021-09-21
4.4
None Local Medium Not required Partial Partial Partial
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
259 CVE-2020-1598 269 2020-09-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
260 CVE-2020-1577 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.
261 CVE-2020-1565 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'.
262 CVE-2020-1559 269 2020-09-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886.
263 CVE-2020-1556 119 Overflow 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1533.
264 CVE-2020-1553 119 Overflow 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.
265 CVE-2020-1551 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547.
266 CVE-2020-1547 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1551.
267 CVE-2020-1546 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1547, CVE-2020-1551.
268 CVE-2020-1545 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
269 CVE-2020-1544 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
270 CVE-2020-1543 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
271 CVE-2020-1542 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
272 CVE-2020-1541 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
273 CVE-2020-1540 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
274 CVE-2020-1539 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
275 CVE-2020-1538 119 Overflow +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1519.
276 CVE-2020-1537 119 Overflow 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1530.
277 CVE-2020-1536 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
278 CVE-2020-1535 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551.
279 CVE-2020-1533 119 Overflow 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1556.
280 CVE-2020-1532 269 +Priv 2020-09-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows InstallService Elevation of Privilege Vulnerability'.
281 CVE-2020-1530 119 Overflow +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1537.
282 CVE-2020-1527 119 Overflow +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Custom Protocol Engine Elevation of Privilege Vulnerability'.
283 CVE-2020-1526 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Connection Broker Elevation of Privilege Vulnerability'.
284 CVE-2020-1524 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Shell Components Elevation of Privilege Vulnerability'.
285 CVE-2020-1522 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1521.
286 CVE-2020-1521 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1522.
287 CVE-2020-1519 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1538.
288 CVE-2020-1518 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1517.
289 CVE-2020-1517 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1518.
290 CVE-2020-1516 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1470, CVE-2020-1484.
291 CVE-2020-1515 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Telephony Server Elevation of Privilege Vulnerability'.
292 CVE-2020-1513 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1489.
293 CVE-2020-1512 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.
294 CVE-2020-1511 269 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.
295 CVE-2020-1510 200 +Info 2020-08-17 2020-08-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
296 CVE-2020-1491 269 2020-09-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.
297 CVE-2020-1490 269 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.
298 CVE-2020-1489 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1513.
299 CVE-2020-1488 269 2020-08-17 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
300 CVE-2020-1487 200 +Info 2020-08-17 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.
Total number of vulnerabilities : 728   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.