Skip to main content

Windows 10

2872 CVEs product

Monthly

CVE-2018-8595 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
6.5
EPSS
6.7%
CVE-2018-8514 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-8477 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-8592 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 10 Windows Server 2019
NVD
CVSS 3.0
6.4
EPSS
1.2%
CVE-2018-8584 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-8566 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016,. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
4.6
EPSS
1.0%
CVE-2018-8565 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
3.2%
CVE-2018-8562 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-8561 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8554 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2019
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8553 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
19.1%
CVE-2018-8550 HIGH POC PATCH This Week

An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.3%
CVE-2018-8549 MEDIUM PATCH This Month

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-8547 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-8544 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE Use After Free Windows 10 +7
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.6%
CVE-2018-8485 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8471 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +2
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8454 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
5.5
EPSS
3.3%
CVE-2018-8450 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
8.8
EPSS
16.1%
CVE-2018-8417 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8415 HIGH PATCH This Week

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Microsoft RCE Powershell Core Windows 10 +7
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8408 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8407 MEDIUM PATCH This Month

An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8256 HIGH PATCH This Week

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Microsoft Powershell Archive Powershell Core Windows 10 +7
NVD
CVSS 3.0
8.8
EPSS
22.6%
CVE-2018-17612 HIGH POC PATCH This Week

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Headsetup Windows 10 Windows 7 +6
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-8506 MEDIUM PATCH This Month

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
5.5
EPSS
4.4%
CVE-2018-8497 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-8495 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft RCE Path Traversal Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.5
EPSS
55.8%
CVE-2018-8494 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE Windows 10 Windows 7 +6
NVD
CVSS 3.0
8.8
EPSS
22.2%
CVE-2018-8492 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8490 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
8.4
EPSS
4.1%
CVE-2018-8489 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.4
EPSS
4.1%
CVE-2018-8486 MEDIUM PATCH This Month

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8484 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8482 LOW PATCH Monitor

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
3.1
EPSS
5.1%
CVE-2018-8481 LOW PATCH Monitor

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
3.1
EPSS
5.1%
CVE-2018-8472 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
18.9%
CVE-2018-8432 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Viewer Office Office 365 Proplus +7
NVD
CVSS 3.0
7.8
EPSS
19.6%
CVE-2018-8423 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Buffer Overflow Windows 10 Windows 7 +6
NVD
CVSS 3.0
7.8
EPSS
32.7%
CVE-2018-8413 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
46.4%
CVE-2018-8411 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.1%
CVE-2018-8333 HIGH PATCH This Week

An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
1.8%
CVE-2018-8330 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
2.5%
CVE-2018-8329 HIGH PATCH This Week

An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8320 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2008 Windows Server 2012 +2
NVD
CVSS 3.0
4.3
EPSS
4.7%
CVE-2018-8475 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
8.8
EPSS
14.6%
CVE-2018-8468 MEDIUM POC PATCH THREAT This Month

An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
11.8%
CVE-2018-8462 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8455 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-8449 LOW POC PATCH Monitor

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
3.3
EPSS
3.1%
CVE-2018-8446 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-8445 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-8444 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +1
NVD
CVSS 3.0
5.9
EPSS
5.9%
CVE-2018-8443 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-8442 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-8441 HIGH PATCH This Week

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Microsoft Buffer Overflow Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-8439 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
8.4
EPSS
4.3%
CVE-2018-8438 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 8 1 Windows Server +1
NVD
CVSS 3.0
6.8
EPSS
7.2%
CVE-2018-8437 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016
NVD
CVSS 3.0
6.2
EPSS
2.1%
CVE-2018-8436 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016
NVD
CVSS 3.0
6.2
EPSS
2.1%
CVE-2018-8435 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects. Rated medium severity (CVSS 4.2).

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
4.2
EPSS
1.4%
CVE-2018-8434 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows. Rated medium severity (CVSS 5.4).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
5.4
EPSS
3.5%
CVE-2018-8433 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
4.7
EPSS
2.6%
CVE-2018-8424 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
6.5
EPSS
13.0%
CVE-2018-8420 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE Windows 10 Windows 7 +2
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2018-8419 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +2
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8410 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.0%
CVE-2018-8393 HIGH PATCH This Week

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Buffer Overflow Windows 10 Windows 7 +4
NVD
CVSS 3.0
7.8
EPSS
22.5%
CVE-2018-8392 HIGH PATCH This Week

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Buffer Overflow Windows 10 Windows 7 +4
NVD
CVSS 3.0
7.8
EPSS
22.8%
CVE-2018-8337 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-8335 HIGH PATCH This Week

A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 8 1 Windows Server
NVD
CVSS 3.0
7.5
EPSS
9.0%
CVE-2018-8332 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office For Mac Windows 10 +3
NVD
CVSS 3.0
8.8
EPSS
19.1%
CVE-2018-8271 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-0965 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016
NVD
CVSS 3.0
8.4
EPSS
5.1%
CVE-2018-5391 HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +48
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2018-8404 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-8401 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-8400 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-8399 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-8398 MEDIUM This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
6.5
EPSS
8.0%
CVE-2018-8394 MEDIUM This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
6.5
EPSS
8.0%
CVE-2018-8350 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows Server
NVD
CVSS 3.0
8.8
EPSS
18.6%
CVE-2018-8349 HIGH This Week

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Deserialization RCE Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.8
EPSS
22.7%
CVE-2018-8348 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
2.6%
CVE-2018-8347 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8345 HIGH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Microsoft RCE Windows 10 Windows 7 +5
NVD
CVSS 3.0
7.5
EPSS
13.6%
CVE-2018-8344 HIGH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft RCE Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.8
EPSS
21.8%
CVE-2018-8343 HIGH This Week

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8341 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
2.6%
CVE-2018-8339 HIGH This Week

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
1.1%
EPSS 7% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 +2
NVD Exploit-DB
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016,. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 +2
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +2
NVD
EPSS 19% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 +6
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 +7
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 +5
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Windows 10 +5
NVD
EPSS 48% CVSS 8.8
HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE +9
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +4
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +2
NVD
EPSS 16% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 +6
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Microsoft RCE +9
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 23% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Microsoft Powershell Archive +9
NVD
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Headsetup +8
NVD
EPSS 4% CVSS 5.5
MEDIUM PATCH This Month

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +2
NVD
EPSS 56% CVSS 7.5
HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft RCE Path Traversal +2
NVD
EPSS 22% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE +8
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 +2
NVD
EPSS 4% CVSS 8.4
HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 +2
NVD
EPSS 4% CVSS 8.4
HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 +7
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 5% CVSS 3.1
LOW PATCH Monitor

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 5% CVSS 3.1
LOW PATCH Monitor

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 19% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +7
NVD
EPSS 20% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Viewer +9
NVD
EPSS 33% CVSS 7.8
HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Buffer Overflow +8
NVD
EPSS 46% CVSS 7.8
HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 +7
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 +6
NVD Exploit-DB
EPSS 2% CVSS 7.0
HIGH PATCH This Week

An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Windows 10 +4
NVD
EPSS 15% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 +6
NVD
EPSS 12% CVSS 4.7
MEDIUM POC PATCH THREAT This Month

An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 +6
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +4
NVD
EPSS 3% CVSS 3.3
LOW POC PATCH Monitor

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 +1
NVD Exploit-DB
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 6% CVSS 5.9
MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +3
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Microsoft Buffer Overflow +2
NVD
EPSS 4% CVSS 8.4
HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 +4
NVD
EPSS 7% CVSS 6.8
MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 +3
NVD
EPSS 2% CVSS 6.2
MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 +1
NVD
EPSS 2% CVSS 6.2
MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 +1
NVD
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects. Rated medium severity (CVSS 4.2).

Authentication Bypass Microsoft Windows 10 +1
NVD
EPSS 3% CVSS 5.4
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows. Rated medium severity (CVSS 5.4).

Microsoft Information Disclosure Windows 10 +5
NVD
EPSS 3% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +5
NVD
EPSS 13% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +5
NVD
EPSS 49% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Microsoft XXE RCE +4
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +4
NVD
EPSS 4% CVSS 7.8
HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 +4
NVD Exploit-DB
EPSS 22% CVSS 7.8
HIGH PATCH This Week

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Buffer Overflow +6
NVD
EPSS 23% CVSS 7.8
HIGH PATCH This Week

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Buffer Overflow +6
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 +1
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 +2
NVD
EPSS 19% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office +5
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 5% CVSS 8.4
HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 +1
NVD
EPSS 25% CVSS 7.5
HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +50
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 +5
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 8% CVSS 6.5
MEDIUM This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 8% CVSS 6.5
MEDIUM This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 19% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 +1
NVD
EPSS 23% CVSS 8.8
HIGH This Week

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Deserialization RCE +7
NVD
EPSS 3% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 +1
NVD
EPSS 14% CVSS 7.5
HIGH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Microsoft RCE +7
NVD
EPSS 22% CVSS 8.8
HIGH This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft RCE +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows 10 +6
NVD
EPSS 3% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 +6
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 +6
NVD
Prev Page 25 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy