Microsoft Windows 7
By the Year
In 2021 there have been 35 vulnerabilities in Microsoft Windows 7 with an average score of 7.8 out of ten. Last year Windows 7 had 386 security vulnerabilities published. Right now, Windows 7 is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.38.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 35 | 7.80 |
2020 | 386 | 7.42 |
2019 | 321 | 7.25 |
2018 | 162 | 6.53 |
It may take a day or so for new Windows 7 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Microsoft Windows 7 Security Vulnerabilities
Windows CryptoAPI Denial of Service Vulnerability
CVE-2021-1679
6.5 - Medium
- January 12, 2021
Windows CryptoAPI Denial of Service Vulnerability
CVE-2021-1679 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1693
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.
CVE-2021-1693 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1655
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1655 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1652
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1652 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1659
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1659 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1668
7.8 - High
- January 12, 2021
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1668 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1658
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1658 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
NTLM Security Feature Bypass Vulnerability
CVE-2021-1678
7.5 - High
- January 12, 2021
NTLM Security Feature Bypass Vulnerability
CVE-2021-1678 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1701
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.
CVE-2021-1701 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
GDI+ Remote Code Execution Vulnerability
CVE-2021-1665
7.8 - High
- January 12, 2021
GDI+ Remote Code Execution Vulnerability
CVE-2021-1665 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649
7.8 - High
- January 12, 2021
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1700
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.
CVE-2021-1700 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1708
5.7 - Medium
- January 12, 2021
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1708 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1676
5.5 - Medium
- January 12, 2021
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1676 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1704
7.8 - High
- January 12, 2021
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1704 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657
7.8 - High
- January 12, 2021
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1653
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1653 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1654
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1654 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1660
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1660 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1709
7.8 - High
- January 12, 2021
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1709 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1674
8.8 - High
- January 12, 2021
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1674 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1702
7.8 - High
- January 12, 2021
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1702 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1661
7.8 - High
- January 12, 2021
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1661 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1699
5.5 - Medium
- January 12, 2021
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1699 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1666
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1666 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1694
9.8 - Critical
- January 12, 2021
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1694 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Improper Privilege Management
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1696
5.5 - Medium
- January 12, 2021
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1696 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1706
8.8 - High
- January 12, 2021
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1706 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1688
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.
CVE-2021-1688 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1695
7.8 - High
- January 12, 2021
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1695 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1656
5.5 - Medium
- January 12, 2021
TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1656 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1664
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1664 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1673
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1673 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1671
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1671 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1667
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1667 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16962
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16962 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16963
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.
CVE-2020-16963 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16961
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16961 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16958
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16958 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16960
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16960 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16959
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16959 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows GDI+ Information Disclosure Vulnerability
CVE-2020-17098
5.5 - Medium
- December 10, 2020
Windows GDI+ Information Disclosure Vulnerability
CVE-2020-17098 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows SMB Information Disclosure Vulnerability
CVE-2020-17140
6.5 - Medium
- December 10, 2020
Windows SMB Information Disclosure Vulnerability
CVE-2020-17140 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16964
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.
CVE-2020-16964 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17001
7.8 - High
- November 11, 2020
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.
CVE-2020-17001 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004
5.5 - Medium
- November 11, 2020
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17011
7.8 - High
- November 11, 2020
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17011 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Network File System Denial of Service Vulnerability
CVE-2020-17047
7.5 - High
- November 11, 2020
Windows Network File System Denial of Service Vulnerability
CVE-2020-17047 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087
7.8 - High
- November 11, 2020
Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16997
6.5 - Medium
- November 11, 2020
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16997 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17043
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055.
CVE-2020-17043 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17029
5.5 - Medium
- November 11, 2020
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17029 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17088
7.8 - High
- November 11, 2020
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17088 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17068
7.8 - High
- November 11, 2020
Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17068 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Win32k Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17038
7.8 - High
- November 11, 2020
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.
CVE-2020-17038 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Spoofing Vulnerability
CVE-2020-1599
5.5 - Medium
- November 11, 2020
Windows Spoofing Vulnerability
CVE-2020-1599 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17036
5.5 - Medium
- November 11, 2020
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17036 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17042
8.8 - High
- November 11, 2020
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17042 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17044
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.
CVE-2020-17044 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-17045
5.5 - Medium
- November 11, 2020
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-17045 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows NDIS Information Disclosure Vulnerability
CVE-2020-17069
5.5 - Medium
- November 11, 2020
Windows NDIS Information Disclosure Vulnerability
CVE-2020-17069 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17000
5.5 - Medium
- November 11, 2020
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17000 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17014
7.1 - High
- November 11, 2020
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.
CVE-2020-17014 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16972
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16972 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16912
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16912 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests
CVE-2020-16863
7.5 - High
- October 16, 2020
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Service Denial of Service Vulnerability'.
CVE-2020-16863 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
An elevation of privilege vulnerability exists when Group Policy improperly checks access
CVE-2020-16939
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'.
CVE-2020-16939 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker
CVE-2020-16900
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.
CVE-2020-16900 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16974
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16974 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16936
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16936 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory
CVE-2020-16924
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.
CVE-2020-16924 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory
CVE-2020-16897
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'.
CVE-2020-16897 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory
CVE-2020-16889
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.
CVE-2020-16889 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files
CVE-2020-16933
8.8 - High
- October 16, 2020
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.
CVE-2020-16933 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Handling of Exceptional Conditions
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16976
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975.
CVE-2020-16976 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges
CVE-2020-16902
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.
CVE-2020-16902 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A spoofing vulnerability exists when Windows incorrectly validates file signatures
CVE-2020-16922
5.5 - Medium
- October 16, 2020
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
CVE-2020-16922 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Improper Verification of Cryptographic Signature
An information disclosure vulnerability exists in the way
CVE-2020-16914
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.
CVE-2020-16914 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input
CVE-2020-16891
8.8 - High
- October 16, 2020
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.
CVE-2020-16891 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16975
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976.
CVE-2020-16975 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists in the way
CVE-2020-16887
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
CVE-2020-16887 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A remote code execution vulnerability exists in the way
CVE-2020-16923
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1167.
CVE-2020-16923 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory
CVE-2020-16949
7.5 - High
- October 16, 2020
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.
CVE-2020-16949 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Memory Leak
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points
CVE-2020-16940
5.5 - Medium
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka 'Windows - User Profile Service Elevation of Privilege Vulnerability'.
CVE-2020-16940 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Improper Privilege Management
A remote code execution vulnerability exists in the way
CVE-2020-16911
8.8 - High
- October 16, 2020
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2020-16911 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16973
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16973 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests
CVE-2020-16896
7.5 - High
- October 16, 2020
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability'.
CVE-2020-16896 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation
CVE-2020-16935
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16916.
CVE-2020-16935 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation
CVE-2020-16916
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16935.
CVE-2020-16916 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations
CVE-2020-16920
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16876.
CVE-2020-16920 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory
CVE-2020-1083
5.5 - Medium
- September 11, 2020
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921.
CVE-2020-1083 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
An information disclosure vulnerability exists when the win32k component improperly provides kernel information
CVE-2020-1250
5.5 - Medium
- September 11, 2020
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941.
CVE-2020-1250 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
An elevation of privilege vulnerability exists in the way
CVE-2020-1052
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376.
CVE-2020-1052 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A information disclosure vulnerability exists when TLS components use weak hash algorithms
CVE-2020-1596
5.3 - Medium
- September 11, 2020
A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka 'TLS Information Disclosure Vulnerability'.
Use of a Broken or Risky Cryptographic Algorithm
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory
CVE-2020-1074
7.8 - High
- September 11, 2020
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039.
CVE-2020-1074 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
An elevation of privilege vulnerability exists in the way
CVE-2020-1491
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.
CVE-2020-1491 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls
CVE-2020-0790
7.8 - High
- September 11, 2020
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
CVE-2020-0790 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory
CVE-2020-1115
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
CVE-2020-1115 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker
CVE-2020-0912
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'.
CVE-2020-0912 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory
CVE-2020-0911
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.
CVE-2020-0911 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management