CVE-2019-1143

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.There are multiple ways an attacker could exploit th...

CVE-2019-1180

An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted...

CVE-2019-1212

A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding.To exploit the vulnerability, a remote unauthenticated attacker coul...

CVE-2019-1248

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,...

CVE-2019-1456

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419.

CVE-2020-0641

An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.

CVE-2020-0648

An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The...

CVE-2020-0684

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

CVE-2020-0708

A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imagi...

CVE-2020-0717

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0716.

CVE-2020-0840

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896.

CVE-2020-0965

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.

CVE-2020-1000

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027.

CVE-2020-1085

An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.

CVE-2020-1208

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236.

CVE-2020-1235

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-133...

CVE-2020-1333

An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.

CVE-2020-1398

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease o...

CVE-2020-16974

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ...

CVE-2020-17038

Win32k Elevation of Privilege Vulnerability

CVE-2020-17055

Windows Remote Access Elevation of Privilege Vulnerability

CVE-2020-17139

Windows Overlay Filter Security Feature Bypass Vulnerability

CVE-2021-1650

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVE-2021-1654

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1694

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2021-1695

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1696

Windows Graphics Component Information Disclosure Vulnerability

CVE-2021-24079

Windows Backup Engine Information Disclosure Vulnerability

CVE-2021-28349

Windows GDI+ Remote Code Execution Vulnerability

CVE-2021-43224

Windows Common Log File System Driver Information Disclosure Vulnerability

CVE-2022-23290

Windows Inking COM Elevation of Privilege Vulnerability

CVE-2022-38039

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-41094

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2023-21691

Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability

CVE-2023-28241

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

CVE-2023-32044

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2023-35297

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-35332

Windows Remote Desktop Protocol Security Feature Bypass

CVE-2024-30035

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-30066

Winlogon Elevation of Privilege Vulnerability

CVE-2025-21191

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

CVE-2025-21241

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21295

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

CVE-2025-21307

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

CVE-2025-27731

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.

CVE-2025-33059

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2018-8484

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, W...

CVE-2018-8492

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, ...

CVE-2018-8592

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.

CVE-2019-1121

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-112...