56 matches found
CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an a...
CVE-2019-1040
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit t...
CVE-2020-1599
Windows Spoofing Vulnerability
CVE-2019-0948
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declarati...
CVE-2020-1383
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s systemTo exploit this vulnerability, an attacker would need to run a special...
CVE-2020-16922
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.In an attack scenario, an attacker could bypass security features intended to prevent imprope...
CVE-2020-1083
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker wou...
CVE-2020-16897
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker wo...
CVE-2020-1596
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.To exploit the vulnerability, an attacker would have to condu...
CVE-2019-1148
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker wou...
CVE-2020-0941
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have to either l...
CVE-2020-0914
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.An attacker could exploit this vulnerability by r...
CVE-2019-0714
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabi...
CVE-2019-1039
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to f...
CVE-2020-16914
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it...
CVE-2020-17098
Windows GDI+ Information Disclosure Vulnerability
CVE-2019-0718
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabi...
CVE-2020-16919
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could read arbitrary files.An attacker with unprivileged access to a vulnerable system could exploi...
CVE-2019-1078
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.An authenticated attacker could exploit this vulnerabil...
CVE-2020-16889
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker would have to log ...
CVE-2019-0723
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabi...
CVE-2020-16921
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an ...
CVE-2019-1153
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker wou...
CVE-2019-0715
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabi...
CVE-2020-1485
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an aut...
CVE-2019-1046
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.There are multiple ways an attacker could exploit ...
CVE-2019-1143
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.There are multiple ways an attacker could exploit th...
CVE-2019-1158
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.There are multiple ways an attacker could exploit th...
CVE-2019-1163
A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature.To exploit the vulnerability, an attacker could modify a signed CAB file and...
CVE-2020-17036
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17069
Windows NDIS Information Disclosure Vulnerability
CVE-2019-1187
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application.A remote unauthenticated attacker could exploit this vulnerability by iss...
CVE-2020-17004
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17045
Windows KernelStream Information Disclosure Vulnerability
CVE-2019-1171
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker would have to log on to an affected syst...
CVE-2020-17046
Windows Error Reporting Denial of Service Vulnerability
CVE-2020-17094
Windows Error Reporting Information Disclosure Vulnerability
CVE-2020-1038
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system...
CVE-2020-17029
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-0928
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker would have to log on to ...
CVE-2020-17030
Windows MSCTF Server Information Disclosure Vulnerability
CVE-2020-17056
Windows Network File System Information Disclosure Vulnerability
CVE-2019-0717
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabi...
CVE-2020-0837
An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.To exploit this vulnerabil...
CVE-2020-0921
Microsoft Graphics Component Denial of Service Vulnerability
CVE-2019-1227
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker would have to log on to ...
CVE-2020-17013
Win32k Information Disclosure Vulnerability
CVE-2020-0989
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.To exploit this vulnerability, an attacker would first have t...
CVE-2020-1589
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit this vulnerability, an attacker would have to log on to ...
CVE-2020-17071
Windows Delivery Optimization Information Disclosure Vulnerability