Windows 10 1903 Security Vulnerabilities and Issues — Windows 10 1903 CVE List

Lucene search

MicrosoftWindows 10 1903

112 matches found

CVE•added 2019/10/10 2:15 p.m.•1183 views

CVE-2019-1322

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.

7.8CVSS7.8AI score0.38187EPSS

CVE•added 2019/07/15 7:15 p.m.•1147 views

CVE-2019-0880

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

7.8CVSS7.5AI score0.0137EPSS

CVE•added 2019/11/12 7:15 p.m.•1135 views

CVE-2019-1405

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

7.8CVSS8.4AI score0.58623EPSS

CVE•added 2019/06/12 2:29 p.m.•1106 views

CVE-2019-1064

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.To ...

7.8CVSS7.7AI score0.13514EPSS

CVE•added 2019/07/29 2:13 p.m.•1093 views

CVE-2019-1130

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.

7.8CVSS7.7AI score0.08868EPSS

CVE•added 2019/09/11 10:15 p.m.•1080 views

CVE-2019-1253

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-...

7.8CVSS8.2AI score0.19565EPSS

CVE•added 2019/06/12 2:29 p.m.•1077 views

CVE-2019-1069

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.To exploit the vulnerability, an attacker would require unprivileged cod...

7.8CVSS7.9AI score0.31928EPSS

CVE•added 2019/10/10 2:15 p.m.•1070 views

CVE-2019-1315

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

7.8CVSS8.5AI score0.06219EPSS

CVE•added 2019/05/16 7:29 p.m.•1066 views

CVE-2019-0863

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

7.8CVSS7.7AI score0.13544EPSS

CVE•added 2019/09/11 10:15 p.m.•1063 views

CVE-2019-1215

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.

7.8CVSS8.1AI score0.19565EPSS

CVE•added 2019/09/11 10:15 p.m.•1061 views

CVE-2019-1214

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

7.8CVSS8AI score0.11567EPSS

CVE•added 2019/11/12 7:15 p.m.•1040 views

CVE-2019-1385

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.T...

7.8CVSS8.3AI score0.00381EPSS

CVE•added 2019/05/16 7:29 p.m.•1016 views

CVE-2019-0903

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

9.3CVSS8AI score0.50678EPSS

CVE•added 2019/07/29 2:13 p.m.•1002 views

CVE-2019-1129

7.8CVSS7.7AI score0.08868EPSS

CVE•added 2019/11/12 7:15 p.m.•791 views

CVE-2019-1388

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

7.8CVSS8.5AI score0.02925EPSS

CVE•added 2019/09/03 6:15 p.m.•590 views

CVE-2019-1125

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an a...

5.6CVSS6.8AI score0.15102EPSS

CVE•added 2019/08/14 9:15 p.m.•438 views

CVE-2019-1181

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...

10CVSS9.7AI score0.73187EPSS

CVE•added 2019/08/14 9:15 p.m.•285 views

CVE-2019-1182

10CVSS9.7AI score0.09354EPSS

CVE•added 2019/06/12 2:29 p.m.•251 views

CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit t...

5.9CVSS6.7AI score0.9061EPSS

CVE•added 2019/08/14 9:15 p.m.•245 views

CVE-2019-1226

10CVSS9.7AI score0.13718EPSS

CVE•added 2019/08/14 9:15 p.m.•223 views

CVE-2019-1222

10CVSS9.7AI score0.13718EPSS

CVE•added 2019/08/14 9:15 p.m.•180 views

CVE-2019-1151

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ...

9.3CVSS9.1AI score0.33915EPSS

CVE•added 2019/08/14 9:15 p.m.•169 views

CVE-2019-1155

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open...

9.3CVSS8.8AI score0.09677EPSS

CVE•added 2019/06/12 2:29 p.m.•156 views

CVE-2019-1019

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access anothe...

8.5CVSS7.1AI score0.04674EPSS

CVE•added 2019/06/12 2:29 p.m.•156 views

CVE-2019-1065

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new ...

7.8CVSS7.3AI score0.00767EPSS

CVE•added 2019/08/14 9:15 p.m.•150 views

CVE-2019-1162

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view,...

7.8CVSS8.6AI score0.0047EPSS

CVE•added 2019/06/12 2:29 p.m.•145 views

CVE-2019-0943

7.8CVSS7.8AI score0.04447EPSS

CVE•added 2019/06/12 2:29 p.m.•143 views

CVE-2019-0959

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have ...

7.8CVSS7.7AI score0.04708EPSS

CVE•added 2019/08/14 9:15 p.m.•141 views

CVE-2019-1184

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.To exploit this vulnerabil...

7.2CVSS7AI score0.07274EPSS

CVE•added 2019/08/14 9:15 p.m.•137 views

CVE-2019-1149

9.3CVSS9.3AI score0.37629EPSS

CVE•added 2019/06/12 2:29 p.m.•136 views

CVE-2019-0620

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could caus...

8.4CVSS8.1AI score0.00508EPSS

CVE•added 2019/06/12 2:29 p.m.•136 views

CVE-2019-0904

9.3CVSS8AI score0.10107EPSS

CVE•added 2019/08/14 9:15 p.m.•135 views

CVE-2019-1225

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.To exploit this vulnerability, an attacker would have to co...

7.5CVSS6.9AI score0.05847EPSS

CVE•added 2019/06/12 2:29 p.m.•133 views

CVE-2019-0906

9.3CVSS8AI score0.09822EPSS

CVE•added 2019/06/12 2:29 p.m.•133 views

CVE-2019-0986

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to ...

7.1CVSS7.2AI score0.03118EPSS

CVE•added 2019/06/12 2:29 p.m.•132 views

CVE-2019-1053

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.To exploit this vulnerability, an attacker would require unprivileged execution on the vi...

8.8CVSS7.2AI score0.00362EPSS

CVE•added 2019/08/14 9:15 p.m.•132 views

CVE-2019-1150

9.3CVSS8.7AI score0.27004EPSS

CVE•added 2019/08/14 9:15 p.m.•130 views

CVE-2019-1144

9.3CVSS9.1AI score0.41601EPSS

CVE•added 2019/06/12 2:29 p.m.•129 views

CVE-2019-0722

9CVSS8.1AI score0.12753EPSS

CVE•added 2019/08/14 9:15 p.m.•129 views

CVE-2019-1145

9.3CVSS9.1AI score0.3187EPSS

CVE•added 2019/06/12 2:29 p.m.•128 views

CVE-2019-0941

A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering.To exploit this vulnera...

7.5CVSS6.1AI score0.02839EPSS

CVE•added 2019/06/12 2:29 p.m.•127 views

CVE-2019-0948

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declarati...

5.5CVSS6AI score0.42662EPSS

CVE•added 2019/06/12 2:29 p.m.•127 views

CVE-2019-1021

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulner...

7.8CVSS8.2AI score0.00299EPSS

CVE•added 2019/08/14 9:15 p.m.•123 views

CVE-2019-1224

7.5CVSS7AI score0.05847EPSS

CVE•added 2019/08/14 9:15 p.m.•122 views

CVE-2019-1152

9.3CVSS9.1AI score0.3187EPSS

CVE•added 2019/06/12 2:29 p.m.•117 views

CVE-2019-0907

9.3CVSS8.1AI score0.10107EPSS

CVE•added 2019/08/14 9:15 p.m.•117 views

CVE-2019-1148

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker wou...

5.5CVSS6.7AI score0.03723EPSS

CVE•added 2019/06/12 2:29 p.m.•116 views

CVE-2019-0974

9.3CVSS8AI score0.13023EPSS

CVE•added 2019/06/12 2:29 p.m.•116 views

CVE-2019-1010

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.There are multiple ways an attacker could exploit ...

6.5CVSS5.6AI score0.07622EPSS

CVE•added 2019/06/12 2:29 p.m.•115 views

CVE-2019-0909

9.3CVSS8AI score0.07186EPSS

Total number of security vulnerabilities112