Skip to main content

Windows Server 1903

24 CVEs product

Monthly

CVE-2020-1464 HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Jwt Attack Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 +16
NVD
CVSS 3.1
7.8
EPSS
41.1%
CVE-2020-0986 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.8
EPSS
15.9%
CVE-2020-1054 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.8
EPSS
52.8%
CVE-2020-1027 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2020-1020 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe Memory Corruption RCE +16
NVD
CVSS 3.1
8.8
EPSS
65.0%
CVE-2020-0938 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe Memory Corruption RCE +17
NVD
CVSS 3.1
7.8
EPSS
69.2%
CVE-2020-0796 CRITICAL POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft Windows 10 1903 Windows 10 1909 +2
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
99.8%
CVE-2020-0787 HIGH POC KEV EUVD KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1709 +14
NVD
CVSS 3.1
7.8
EPSS
42.5%
CVE-2020-0683 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1709 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
7.7%
CVE-2020-0638 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1709 Windows 10 1803 Windows 10 1809 Windows 10 1903 +5
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-0601 Go HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1709 +10
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
89.4%
CVE-2019-1405 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1709 +12
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
29.9%
CVE-2019-1388 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1709 +11
NVD
CVSS 3.1
7.8
EPSS
8.6%
CVE-2019-1322 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1803 Windows 10 1809 Windows 10 1903 +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
19.2%
CVE-2019-1253 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1703 Windows 10 1709 Windows 10 1803 +5
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
11.6%
CVE-2019-1215 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1703 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
19.3%
CVE-2019-1214 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1703 +13
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-1130 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1703 +11
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-1129 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1703 Windows 10 1709 Windows 10 1803 +5
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-0880 HIGH KEV PATCH THREAT This Week

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1703 +10
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2019-1069 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Windows 10 1507 Windows 10 1607 Windows 10 1703 Windows 10 1709 +7
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2019-1064 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1703 Windows 10 1709 +8
NVD
CVSS 3.1
7.8
EPSS
6.9%
CVE-2019-0903 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1703 +13
NVD
CVSS 3.1
8.8
EPSS
21.7%
CVE-2019-0863 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1703 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
5.2%
EPSS 41% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists when Windows incorrectly validates file signatures. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Jwt Attack Microsoft Authentication Bypass +18
NVD
EPSS 16% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption +17
NVD
EPSS 53% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption +17
NVD
EPSS 4% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Memory Corruption +17
NVD
EPSS 65% CVSS 8.8
HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe +18
NVD
EPSS 69% CVSS 7.8
HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Adobe +19
NVD
EPSS 100% CVSS 10.0
CRITICAL POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft +4
NVD Exploit-DB
EPSS 43% CVSS 7.8
HIGH POC KEV EUVD KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 +16
NVD
EPSS 8% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 +16
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1709 Windows 10 1803 +7
NVD
EPSS 89% CVSS 8.1
HIGH POC KEV PATCH THREAT This Week

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 +12
NVD Exploit-DB
EPSS 30% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Windows 10 1507 +14
NVD GitHub Exploit-DB
EPSS 9% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 1507 +13
NVD
EPSS 19% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1803 +5
NVD Exploit-DB
EPSS 12% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1703 +7
NVD Exploit-DB
EPSS 19% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Windows 10 1507 +15
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Microsoft Windows 10 1507 +15
NVD
EPSS 2% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 +13
NVD
EPSS 2% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1703 +7
NVD
EPSS 2% CVSS 7.8
HIGH KEV PATCH THREAT This Week

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 +12
NVD
EPSS 6% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Windows 10 1507 Windows 10 1607 +9
NVD
EPSS 7% CVSS 7.8
HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1607 +10
NVD
EPSS 22% CVSS 8.8
HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 1507 +15
NVD
EPSS 5% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 +15
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy