563 matches found
CVE-2021-24079
Windows Backup Engine Information Disclosure Vulnerability
CVE-2021-28349
Windows GDI+ Remote Code Execution Vulnerability
CVE-2019-1158
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.There are multiple ways an attacker could exploit th...
CVE-2019-1170
An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.To exploit the vulnerability, an attacker ...
CVE-2020-1091
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.</p><p>There are multiple ways an attacker could ...
CVE-2020-1547
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security u...
CVE-2020-16895
<p>An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.</p><p>To exploit this vulnerability, an attacker would fir...
CVE-2020-16964
Windows Backup Engine Elevation of Privilege Vulnerability
CVE-2021-1697
Windows InstallService Elevation of Privilege Vulnerability
CVE-2021-28437
Windows Installer Information Disclosure Vulnerability
CVE-2021-28445
Windows Network File System Remote Code Execution Vulnerability
CVE-2019-0965
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could caus...
CVE-2019-1022
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulner...
CVE-2019-1163
A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature.To exploit the vulnerability, an attacker could modify a signed CAB file and...
CVE-2019-1177
An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ...
CVE-2020-1459
An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation."To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application.The se...
CVE-2020-1592
<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p><p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain inform...
CVE-2020-16935
<p>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.</p><p>To exploit this vulnerability, an attacker would first have to log on to the syste...
CVE-2020-17000
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-24081
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2021-24103
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-28323
Windows DNS Information Disclosure Vulnerability
CVE-2020-16961
Windows Backup Engine Elevation of Privilege Vulnerability
CVE-2020-16968
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ri...
CVE-2020-17025
Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17036
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2021-1702
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1731
PFX Encryption Security Feature Bypass Vulnerability
CVE-2021-28442
Windows TCP/IP Information Disclosure Vulnerability
CVE-2019-0998
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.To exploit the vulnerability, an attacker would first have to gain execution on t...
CVE-2019-1172
An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account.To exploit the vulnerability, an attacker would have to trick a user int...
CVE-2019-1179
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craft...
CVE-2020-0911
<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p><p>An attacker could exploit this vulnerability by running a specially...
CVE-2020-1115
<p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes...
CVE-2020-17011
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17047
Windows Network File System Denial of Service Vulnerability
CVE-2020-17069
Windows NDIS Information Disclosure Vulnerability
CVE-2021-1659
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1689
Windows Multipoint Management Elevation of Privilege Vulnerability
CVE-2021-27094
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
CVE-2021-28443
Windows Console Driver Denial of Service Vulnerability
CVE-2019-1007
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulner...
CVE-2019-1187
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application.A remote unauthenticated attacker could exploit this vulnerability by iss...
CVE-2020-0782
<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p><p>To exploit this vulnerability, an attacker would first have ...
CVE-2020-17032
Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17037
Windows WalletService Elevation of Privilege Vulnerability
CVE-2021-1661
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1662
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-1683
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG.To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the rem...
CVE-2021-1710
Microsoft Windows Media Foundation Remote Code Execution Vulnerability