Microsoft Windows 10 Security Vulnerabilities
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management -...
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.4AI Score
0.002EPSS
6.5CVSS
6.3AI Score
0.001EPSS
7.8CVSS
8.5AI Score
0.0004EPSS
6.5CVSS
6.8AI Score
0.005EPSS
7.8CVSS
7.8AI Score
0.005EPSS
7.8CVSS
8.4AI Score
0.0004EPSS
5.5CVSS
7.5AI Score
0.0004EPSS
5.5CVSS
5.8AI Score
0.0004EPSS
Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution...
8.8CVSS
8.6AI Score
0.013EPSS
7.8CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.5AI Score
0.001EPSS
8CVSS
7.9AI Score
0.002EPSS
7.8CVSS
8AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.0004EPSS
8.8CVSS
8.5AI Score
0.001EPSS
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file...
7CVSS
8.3AI Score
0.001EPSS
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a...
4.7CVSS
7.2AI Score
0.003EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...
6.6CVSS
6.2AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially...
5.5CVSS
6.8AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege...
7.1CVSS
7.2AI Score
0.0004EPSS
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution...
An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure...
4.3CVSS
5.1AI Score
0.016EPSS
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.8CVSS
7.6AI Score
0.0004EPSS
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution...
7.8CVSS
8.9AI Score
0.011EPSS
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure...
6.5CVSS
6.2AI Score
0.194EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257,...
7.8CVSS
7.7AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278,...
7.8CVSS
7.7AI Score
0.0004EPSS
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing...
6.1CVSS
6.2AI Score
0.002EPSS
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from.....
7.8CVSS
7.6AI Score
0.0004EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257,...
7.8CVSS
7.7AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from.....
7.8CVSS
7.6AI Score
0.001EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.8CVSS
7.6AI Score
0.0004EPSS
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption...
8.1CVSS
8AI Score
0.031EPSS
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from...
7.8CVSS
7.6AI Score
0.0004EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption...
7.5CVSS
7.7AI Score
0.017EPSS
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure...
5.3CVSS
5.7AI Score
0.007EPSS
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution...
7.5CVSS
7.9AI Score
0.033EPSS
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to....
8.1CVSS
7.4AI Score
0.002EPSS
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing...
4.3CVSS
5.1AI Score
0.002EPSS
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service...
7.5CVSS
7.3AI Score
0.001EPSS
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption...
7.5CVSS
7.6AI Score
0.02EPSS
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption...
7.5CVSS
7.4AI Score
0.02EPSS
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption...
7.5CVSS
7.4AI Score
0.017EPSS
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from...
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege...
7.1CVSS
7.3AI Score
0.0004EPSS
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from...
7.5CVSS
7.4AI Score
0.017EPSS
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829,....
7.5CVSS
7.7AI Score
0.014EPSS