Windows 10 Security Vulnerabilities and Issues — Windows 10 CVE List

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

7.8CVSS8.2AI score0.84886EPSS

In wild

CVE•added 2022/01/11 9:15 p.m.•971 views

CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability

10CVSS9.7AI score0.91737EPSS

In wild

CVE•added 2015/08/15 12:59 a.m.•911 views

CVE-2015-1769

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting ...

7.2CVSS7.3AI score0.12652EPSS

In wild

CVE•added 2015/07/20 6:59 p.m.•897 views

CVE-2015-2426

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a cra...

9.3CVSS7.4AI score0.91612EPSS

In wild

CVE•added 2018/05/22 12:29 p.m.•764 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS

In wild

CVE•added 2018/09/06 9:29 p.m.•670 views

CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation hav...

7.8CVSS7.7AI score0.05017EPSS

In wild

CVE•added 2022/04/15 7:15 p.m.•630 views

CVE-2022-26809

Remote Procedure Call Runtime Remote Code Execution Vulnerability

10CVSS9.6AI score0.92281EPSS

CVE•added 2019/09/03 6:15 p.m.•608 views

CVE-2019-1125

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an a...

5.6CVSS6.8AI score0.13742EPSS

CVE•added 2022/05/10 9:15 p.m.•585 views

CVE-2022-29130

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.4AI score0.13776EPSS

CVE•added 2022/07/12 11:15 p.m.•577 views

CVE-2022-30209

Windows IIS Server Elevation of Privilege Vulnerability

7.4CVSS7.9AI score0.05027EPSS

CVE•added 2021/05/11 8:15 p.m.•562 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...

3.5CVSS6.4AI score0.00446EPSS

CVE•added 2020/06/08 5:15 p.m.•546 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

7.8CVSS7.6AI score0.03213EPSS

CVE•added 2018/03/14 5:29 p.m.•512 views

CVE-2018-0886

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execu...

7.6CVSS7AI score0.91367EPSS

CVE•added 2023/01/10 10:15 p.m.•509 views

CVE-2023-21752

Windows Backup Service Elevation of Privilege Vulnerability

7.1CVSS7AI score0.45914EPSS

CVE•added 2022/06/14 10:15 p.m.•474 views

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most ...

7.8CVSS7.5AI score0.04549EPSS

CVE•added 2022/03/09 5:15 p.m.•462 views

CVE-2022-24508

Win32 File Enumeration Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.04055EPSS

CVE•added 2019/08/14 9:15 p.m.•443 views

CVE-2019-1181

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. A...

10CVSS9.7AI score0.684EPSS

CVE•added 2016/04/12 11:59 p.m.•426 views

CVE-2016-0128

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers ...

6.8CVSS6.4AI score0.78649EPSS

CVE•added 2020/06/09 8:15 p.m.•414 views

CVE-2020-1206

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.

7.5CVSS7.4AI score0.47718EPSS

In wild

CVE•added 2022/05/10 9:15 p.m.•408 views

CVE-2022-22012

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

9.8CVSS9.4AI score0.06584EPSS

CVE•added 2023/10/10 6:15 p.m.•397 views

CVE-2023-36589

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3CVSS8.4AI score0.00423EPSS

CVE•added 2023/10/10 6:15 p.m.•385 views

CVE-2023-36591

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3CVSS8.4AI score0.00423EPSS

CVE•added 2022/03/09 5:15 p.m.•381 views

CVE-2022-21990

Remote Desktop Client Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.15997EPSS

CVE•added 2023/10/10 6:15 p.m.•381 views

CVE-2023-36697

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

8CVSS8.1AI score0.00144EPSS

CVE•added 2023/10/10 6:15 p.m.•376 views

CVE-2023-36581

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS8.4AI score0.00387EPSS

CVE•added 2023/10/10 6:15 p.m.•376 views

CVE-2023-36593

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.8CVSS8.4AI score0.0065EPSS

CVE•added 2023/10/10 6:15 p.m.•375 views

CVE-2023-36592

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3CVSS8.4AI score0.00423EPSS

CVE•added 2022/07/12 11:15 p.m.•372 views

CVE-2022-22048

BitLocker Security Feature Bypass Vulnerability

6.6CVSS7.2AI score0.00729EPSS

In wild

CVE•added 2023/10/10 6:15 p.m.•372 views

CVE-2023-36606

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS8.4AI score0.49765EPSS

CVE•added 2020/03/12 4:15 p.m.•371 views

CVE-2020-0645

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'.

7.5CVSS8.2AI score0.08197EPSS

CVE•added 2022/04/15 7:15 p.m.•366 views

CVE-2022-24481

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.4425EPSS

In wild

CVE•added 2023/10/10 6:15 p.m.•366 views

CVE-2023-36590

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3CVSS8.4AI score0.0031EPSS

CVE•added 2023/10/10 6:15 p.m.•361 views

CVE-2023-36582

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3CVSS8.4AI score0.00653EPSS

CVE•added 2023/10/10 6:15 p.m.•361 views

CVE-2023-36583

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

7.3CVSS8.4AI score0.00611EPSS

CVE•added 2022/03/09 5:15 p.m.•360 views

CVE-2022-24503

Remote Desktop Protocol Client Information Disclosure Vulnerability

5.4CVSS6.6AI score0.00778EPSS

CVE•added 2021/07/16 9:15 p.m.•359 views

CVE-2021-34481

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or de...

9.8CVSS8.6AI score0.26941EPSS

In wild

CVE•added 2019/10/10 2:15 p.m.•358 views

CVE-2019-1365

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\sy...

9.9CVSS9.3AI score0.02534EPSS

CVE•added 2022/01/11 9:15 p.m.•355 views

CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability

4.9CVSS6.2AI score0.45082EPSS

In wild

CVE•added 2019/04/09 9:29 p.m.•352 views

CVE-2019-0836

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.

7.8CVSS6.7AI score0.85917EPSS

In wild

CVE•added 2022/03/09 5:15 p.m.•344 views

CVE-2022-23288

Windows DWM Core Library Elevation of Privilege Vulnerability

7CVSS7.6AI score0.00356EPSS

CVE•added 2022/09/13 7:15 p.m.•344 views

CVE-2022-26928

Windows Photo Import API Elevation of Privilege Vulnerability

7CVSS8.1AI score0.001EPSS

In wild

CVE•added 2017/03/17 12:59 a.m.•330 views

CVE-2017-0055

Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run scr...

6.1CVSS5.4AI score0.01387EPSS

CVE•added 2020/07/29 6:15 p.m.•325 views

CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extrem...

6.4CVSS7.6AI score0.00033EPSS

CVE•added 2021/01/12 8:15 p.m.•321 views

CVE-2021-1648

Microsoft splwow64 Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00979EPSS

In wild

CVE•added 2020/06/09 8:15 p.m.•320 views

CVE-2020-1269

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020...

7.8CVSS7.7AI score0.17136EPSS

In wild

CVE•added 2021/06/08 11:15 p.m.•319 views

CVE-2021-26414

Windows DCOM Server Security Feature Bypass

6.5CVSS6.9AI score0.14238EPSS

CVE•added 2017/09/13 1:29 a.m.•316 views

CVE-2017-8628

Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".

6.8CVSS7AI score0.00736EPSS

Total number of security vulnerabilities2979