Windows 10 21h2 Security Vulnerabilities and Issues — Page 4 of Windows 10 21h2 CVE List

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process o...

7.8CVSS7.7AI score0.00187EPSS

CVE•added 2023/03/14 5:15 p.m.•321 views

CVE-2023-21708

Remote Procedure Call Runtime Remote Code Execution Vulnerability

9.8CVSS9.7AI score0.04719EPSS

CVE•added 2025/01/14 6:15 p.m.•321 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00189EPSS

CVE•added 2023/05/09 6:15 p.m.•314 views

CVE-2023-29325

Windows OLE Remote Code Execution Vulnerability

8.1CVSS8.8AI score0.2384EPSS

CVE•added 2025/02/11 6:15 p.m.•310 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.04314EPSS

In wild

CVE•added 2023/11/14 6:15 p.m.•307 views

CVE-2023-36705

Windows Installer Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00162EPSS

CVE•added 2024/05/14 5:17 p.m.•305 views

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass Vulnerability

8.8CVSS6.3AI score0.51138EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•304 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•300 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2025/01/14 6:15 p.m.•299 views

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.05766EPSS

In wild

CVE•added 2023/11/28 7:15 a.m.•297 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

6.8CVSS6.8AI score0.00176EPSS

CVE•added 2023/05/09 6:15 p.m.•297 views

CVE-2023-24943

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.01302EPSS

CVE•added 2025/01/14 6:15 p.m.•297 views

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.04579EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•296 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.28518EPSS

In wild

CVE•added 2024/03/12 5:15 p.m.•294 views

CVE-2024-21408

Windows Hyper-V Denial of Service Vulnerability

5.5CVSS6.8AI score0.00478EPSS

CVE•added 2023/11/14 6:15 p.m.•292 views

CVE-2023-36394

Windows Search Service Elevation of Privilege Vulnerability

7CVSS8.1AI score0.01054EPSS

CVE•added 2024/08/14 12:15 a.m.•289 views

CVE-2024-38163

Windows Update Stack Elevation of Privilege Vulnerability

7.8CVSS8.3AI score0.00614EPSS

CVE•added 2024/04/09 5:15 p.m.•281 views

CVE-2024-26229

Windows CSC Service Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.83008EPSS

CVE•added 2023/05/09 6:15 p.m.•279 views

CVE-2023-29324

Windows MSHTML Platform Security Feature Bypass Vulnerability

6.5CVSS8AI score0.02256EPSS

CVE•added 2024/01/09 6:15 p.m.•279 views

CVE-2024-20674

Windows Kerberos Security Feature Bypass Vulnerability

8.8CVSS8.4AI score0.15936EPSS

CVE•added 2024/08/13 6:15 p.m.•279 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.66421EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•279 views

CVE-2024-38213

Windows Mark of the Web Security Feature Bypass Vulnerability

6.5CVSS6.5AI score0.75065EPSS

In wild

CVE•added 2024/03/12 5:15 p.m.•277 views

CVE-2024-21407

Windows Hyper-V Remote Code Execution Vulnerability

8.1CVSS8.5AI score0.05403EPSS

CVE•added 2023/11/14 6:15 p.m.•274 views

CVE-2023-36719

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

7.8CVSS8.5AI score0.00134EPSS

CVE•added 2024/08/13 6:15 p.m.•272 views

CVE-2024-38178

Scripting Engine Memory Corruption Vulnerability

7.5CVSS7.4AI score0.25932EPSS

In wild

CVE•added 2024/03/12 5:15 p.m.•270 views

CVE-2024-21438

Microsoft AllJoyn API Denial of Service Vulnerability

7.5CVSS7.6AI score0.03412EPSS

CVE•added 2024/09/10 5:15 p.m.•268 views

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability

9.8CVSS9AI score0.05887EPSS

CVE•added 2025/06/10 5:23 p.m.•268 views

CVE-2025-33073

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

8.8CVSS8.7AI score0.03645EPSS

CVE•added 2023/02/28 6:15 p.m.•264 views

CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

5.5CVSS6.5AI score0.00151EPSS

CVE•added 2023/04/11 9:15 p.m.•262 views

CVE-2023-28293

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.07282EPSS

CVE•added 2024/04/09 5:15 p.m.•259 views

CVE-2024-26207

Windows Remote Access Connection Manager Information Disclosure Vulnerability

5.5CVSS6.6AI score0.00465EPSS

CVE•added 2023/11/14 6:15 p.m.•257 views

CVE-2023-36405

Windows Kernel Elevation of Privilege Vulnerability