Lucene search
K
MicrosoftWindows Server 1803

35 matches found

CVE
CVE
added 2020/03/12 3:48 p.m.1539 views

CVE-2020-0787

CVE-2020-0787 is a privilege-escalation flaw in Microsoft Windows BITS (Background Intelligent Transfer Service) caused by improper handling of symbolic links. The issue can allow an attacker who can run code on a vulnerable host to escalate to system-level privileges and execute arbitrary code. ...

7.8CVSS8.5AI score0.42524EPSS
In wild
CVE
CVE
added 2020/01/14 11:11 p.m.1363 views

CVE-2020-0601

The CVE-2020-0601 issue affects Windows CryptoAPI (Crypt32.dll) and its ECC certificate validation, enabling a spoofing attack where a forged code-signing certificate could make malware appear trusted. Affected platforms include Windows 10 and Windows Server 2016/2019, with the vulnerability tied...

8.1CVSS7.6AI score0.89436EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.1298 views

CVE-2020-0986

Technical details about CVE-2020-0986 are not publicly available in the provided connected documents. Please monitor for updates; current materials mention malware references in related EUVD entries but do not disclose affected products, vulnerable components, impact, or fixes.

7.8CVSS7.7AI score0.15932EPSS
In wild
CVE
CVE
added 2019/10/10 1:28 p.m.1267 views

CVE-2019-1322

CVE-2019-1322 is a Windows local privilege escalation vulnerability, arising from improper handling of authentication requests that can allow an attacker to execute with SYSTEM privileges. Public references and connected items show explicit exploitation tooling and modules (e.g., COMahawk and Ere...

7.8CVSS7.8AI score0.19205EPSS
In wild
CVE
CVE
added 2020/02/11 9:22 p.m.1226 views

CVE-2020-0683

CVE-2020-0683 is a Windows Installer Elevation of Privilege vulnerability. The issue occurs when MSI packages process symbolic links, allowing a local attacker to bypass access restrictions and add or remove files. Technical details across connected sources confirm the affected component (Windows...

7.8CVSS8AI score0.07667EPSS
In wild
CVE
CVE
added 2020/05/21 10:52 p.m.1208 views

CVE-2020-1054

CVE-2020-1054 is a Win32k kernel-mode elevation of privilege vulnerability in Windows where the Windows kernel-driver mishandles memory objects. The CVE entry is distinct from CVE-2020-1143. Public references in the provided set show an exploit for CVE-2020-1054 (Out-of-bounds write in Microsoft ...

7.8CVSS7.8AI score0.52778EPSS
In wild
CVE
CVE
added 2019/11/12 6:53 p.m.1197 views

CVE-2019-1405

CVE-2019-1405 is a local privilege-escalation flaw in the Windows UPnP service where improper handling allows COM object creation. Root cause per the connected CISA KEV entry is improper COM object creation by the UPnP service, enabling elevation of privileges. The CVSSv3.1 metrics in the initial...

7.8CVSS8.4AI score0.2995EPSS
In wild
CVE
CVE
added 2019/04/09 8:19 p.m.1194 views

CVE-2019-0859

CVE-2019-0859 (Windows Win32k Privilege Escalation) : A local privilege escalation vulnerability in the Win32k component of Microsoft Windows arises from Win32k failing to properly handle objects in memory, enabling an attacker to run code in kernel mode. Several connected sources corroborate thi...

7.8CVSS8.2AI score0.04151EPSS
In wild
CVE
CVE
added 2018/10/10 1:0 p.m.1187 views

CVE-2018-8453

CVE-2018-8453 is a Windows Win32k local privilege escalation vulnerability. The flaw arises when Win32k fails to properly handle memory objects, allowing an attacker to escalate privileges via local code execution. Affected products include Windows 7, Windows 8.1, Windows 10 (and server variants ...

7.8CVSS7.6AI score0.69833EPSS
In wild
CVE
CVE
added 2019/04/09 8:15 p.m.1174 views

CVE-2019-0803

CVE-2019-0803 is a Windows Win32k elevation of privilege vulnerability. Root cause: Win32k fails to properly handle objects in memory, enabling local kernel-mode code execution. Affected software: Microsoft Windows Win32k component (privilege escalation). Impact: local privilege escalation with k...

7.8CVSS8.2AI score0.4523EPSS
In wild
CVE
CVE
added 2019/06/12 1:49 p.m.1166 views

CVE-2019-1064

CVE-2019-1064 is a Windows elevation-of-privilege flaw in the AppXSVC (Windows AppX Deployment Service) due to improper handling of hard links. The root cause allows a locally authenticated attacker to run processes in an elevated context, potentially installing programs or modifying data. Micros...

7.8CVSS7.7AI score0.06886EPSS
In wild
CVE
CVE
added 2019/07/29 2:13 p.m.1155 views

CVE-2019-1130

CVE-2019-1130 is a Windows privilege-escalation vulnerability in the AppX Deployment Service (AppXSVC) caused by improper handling of hard links. The CVE notes an elevation of privilege from a local user, with a CVSSv3.1 base score of 7.8 (LOCAL attack, LOW complexity, Privileges Required: LOW; U...

7.8CVSS7.7AI score0.02284EPSS
In wild
CVE
CVE
added 2019/06/12 1:49 p.m.1136 views

CVE-2019-1069

CVE-2019-1069 is a Windows Task Scheduler Privilege Escalation vulnerability in which the Task Scheduler Service inadequately validates certain file operations. The issue enables local privilege escalation when an attacker with unprivileged code execution on a victim system exploits the flaw. Mic...

7.8CVSS7.9AI score0.06117EPSS
In wild
CVE
CVE
added 2019/09/11 9:24 p.m.1134 views

CVE-2019-1253

CVE-2019-1253 describes a local privilege-escalation in Microsoft Windows AppX Deployment Server caused by improper handling of junctions. The vulnerability allows an attacker who already has code execution on the target system to elevate privileges (local attack, low integrity/login requirements...

7.8CVSS8.2AI score0.11616EPSS
In wild
CVE
CVE
added 2019/09/11 9:24 p.m.1121 views

CVE-2019-1215

CVE-2019-1215 describes a local privilege-escalation in Windows via ws2ifsl.sys (Winsock) where improper handling of memory-resident objects enables code execution with elevated privileges. Affected component is Winsock’s ws2ifsl.sys; root cause is memory handling of objects within the Winsock su...

7.8CVSS8.1AI score0.19254EPSS
In wild
CVE
CVE
added 2019/09/11 9:24 p.m.1113 views

CVE-2019-1214

CVE-2019-1214 is a Windows privilege-escalation vulnerability in the Windows Common Log File System (CLFS) Driver. It stems from improper handling of objects in memory, enabling a local attacker to escalate privileges on a vulnerable system. Public references consistently describe the CLFS driver...

7.8CVSS8AI score0.01419EPSS
In wild
CVE
CVE
added 2019/04/08 11:41 p.m.1112 views

CVE-2019-0703

CVE-2019-0703 is described in the initial doc as an information-disclosure vulnerability in the Windows SMB Server’s handling of certain requests, distinct from CVE-2019-0704 and CVE-2019-0821. Connected sources add concrete context: FireEye/Mandiant notes this CVE was used in targeted attacks du...

6.5CVSS6.8AI score0.0964EPSS
In wild
CVE
CVE
added 2019/05/16 6:17 p.m.1110 views

CVE-2019-0863

CVE-2019-0863 is a Windows Elevation of Privilege vulnerability in Windows Error Reporting (WER) where the vulnerability stems from the way WER handles files. The underlying issue allows local attackers to escalate to kernel-level privileges (CVE-2019-0863). Microsoft patched this in the May 2019...

7.8CVSS7.7AI score0.05207EPSS
In wild
CVE
CVE
added 2019/01/08 9:0 p.m.1100 views

CVE-2019-0543

Technical details about CVE-2019-0543 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.7AI score0.04718EPSS
In wild
CVE
CVE
added 2020/04/15 3:12 p.m.1095 views

CVE-2020-0938

CVE-2020-0938 affects the Windows Adobe Font Manager Library by improperly handling specially crafted multi-master Font 1 PostScript fonts. The root cause is a vulnerability in the font parser that can allow remote code execution when processing crafted documents. For all Windows versions except ...

7.8CVSS8.2AI score0.69166EPSS
In wild
CVE
CVE
added 2019/04/09 2:34 a.m.1087 views

CVE-2019-0797

CVE-2019-0797 is a Windows Win32k privilege-escalation vulnerability caused by the Win32k component failing to properly handle objects in memory, enabling local code execution with kernel privileges. Affected: Windows Win32k subsystem (Win32k.sys). Impact: elevated privileges to SYSTEM with poten...

7.8CVSS8.2AI score0.0189EPSS
In wild
CVE
CVE
added 2020/04/15 3:13 p.m.1085 views

CVE-2020-1027

CVE-2020-1027 is a Windows privilege-escalation vulnerability affecting Windows kernel memory handling and the CSRSS subsystem. The Windows kernel path (memory object handling) enabled local privilege escalation via write-what-where style abuse in kernel fault paths, while the CSRSS path allowed ...

7.8CVSS8AI score0.04447EPSS
In wild
CVE
CVE
added 2018/08/15 5:0 p.m.1080 views

CVE-2018-8405

Technical details (exploit vector, affected products/versions, root cause specifics, and mitigations) are not publicly disclosed in the provided connected documents. Monitor for updates from authoritative sources.

7.8CVSS7.7AI score0.03444EPSS
In wild
CVE
CVE
added 2018/08/15 5:0 p.m.1076 views

CVE-2018-8406

CVE-2018-8406 is a DirectX Graphics Kernel (DXGKRNL) privilege-escalation vulnerability caused by the DXGKRNL driver improperly handling memory objects. Affected products include Windows Server 2016 and Windows 10 (and Windows 10 Servers). The CVE is characterized by a local, low-complexity attac...

7.8CVSS7.7AI score0.03444EPSS
In wild
CVE
CVE
added 2019/05/16 6:17 p.m.1070 views

CVE-2019-0903

Technical details about CVE-2019-0903 (affected component/version/root cause/impact) are not publicly provided in the supplied documents. Monitor for updates.

9.3CVSS8AI score0.21713EPSS
In wild
CVE
CVE
added 2020/01/14 11:11 p.m.1070 views

CVE-2020-0638

CVE-2020-0638 is a Windows Update Notification Manager elevation-of-privilege vulnerability. An attacker who already has code execution on the target could exploit the flaw by running a crafted program to elevate privileges, due to how the Update Notification Manager handles files. The issue is l...

7.8CVSS8.6AI score0.02928EPSS
In wild
CVE
CVE
added 2019/07/29 2:13 p.m.1047 views

CVE-2019-1129

CVE-2019-1129 is a Windows AppX Deployment Service (AppXSVC) privilege-escalation vulnerability caused by improper handling of hard links. The issue enables local Privilege Escalation with high impact; CVSS 3.1 base score 7.8 (LOCAL, LOW complexity, no user interaction) as documented by NVD, and ...

7.8CVSS7.7AI score0.01782EPSS
In wild
CVE
CVE
added 2018/08/15 5:0 p.m.1013 views

CVE-2018-8414

CVE-2018-8414 is a Windows Shell remote code execution vulnerability where the Windows Shell fails to validate file paths. If a user opens a specially crafted file, an attacker could run arbitrary code in the user’s context. The vulnerability affects Windows 10 and related shells. Microsoft relea...

9.3CVSS8.9AI score0.73968EPSS
In wild
CVE
CVE
added 2018/05/09 7:0 p.m.338 views

CVE-2018-0824

CVE-2018-0824 is a Microsoft Windows remote code execution vulnerability in the COM subsystem due to improper handling of serialized objects. Public writeups and advisories summarize that a specially crafted file or script can trigger code execution, with potential remote impact when users open o...

8.8CVSS7.9AI score0.73469EPSS
In wild
CVE
CVE
added 2018/06/14 12:0 p.m.133 views

CVE-2018-8226

The CVE-2018-8226 entry describes a denial-of-service in the HTTP/2 protocol stack (HTTP.sys) for Windows. Affected components include HTTP.sys on Windows Server 2016 and Windows 10/Windows 10 Servers, with the root cause being improper parsing of specially crafted HTTP/2 requests, leading to sys...

7.8CVSS7.6AI score0.12701EPSS
CVE
CVE
added 2018/06/14 12:0 p.m.127 views

CVE-2018-8140

CVE-2018-8140 (Cortana Elevation of Privilege) affects Windows 10 and Windows Server (server 1709/1803) where Cortana retrieves data from user input services without considering status, enabling local privilege escalation. Root cause: Cortana’s data handling allows execution of commands with elev...

6.8CVSS7.4AI score0.01643EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.124 views

CVE-2018-8493

CVE-2018-8493 describes an information-disclosure vulnerability in the Windows TCP/IP stack where fragmented IP packets are mishandled. Affected products include Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, and Windows 10 Servers. The underlying issue is i...

7.5CVSS6.8AI score0.08421EPSS
CVE
CVE
added 2018/06/14 12:0 p.m.116 views

CVE-2018-8175

CVE-2018-8175 describes a denial-of-service in Windows WebDAV Minirdr when querying a WebDAV directory. The vulnerability can be triggered by a user visiting a attacker-controlled site or link, leading to the victim’s system stopping to respond. Affected products include Windows 10 and Windows Se...

7.1CVSS6.9AI score0.06662EPSS
CVE
CVE
added 2018/06/14 12:0 p.m.110 views

CVE-2018-8239

CVE-2018-8239 — Windows GDI Information Disclosure Vulnerability affects Windows Server 2016, Windows 10, and Windows 10 Server variants. The root cause is that the Windows GDI component improperly discloses the contents of memory (an information-disclosure flaw). An attacker could exploit this b...

5.5CVSS6.1AI score0.58533EPSS
CVE
CVE
added 2018/06/14 12:0 p.m.105 views

CVE-2018-8231

CVE-2018-8231 is a remote code execution vulnerability in Microsoft Windows HTTP.sys. The flaw occurs when Http.sys improperly handles objects in memory, allowing an attacker to gain control of the affected system by sending specially crafted requests. Affected products include Windows Server 201...

9.3CVSS8.6AI score0.14988EPSS