Microsoft Windows Server 2008
@windowsserver Tweets

Thu Mar 04 20:12:55 +0000 2021

Wed Mar 03 19:02:10 +0000 2021

Wed Mar 03 17:00:02 +0000 2021

Wed Mar 03 15:00:01 +0000 2021

Sun Feb 28 19:26:44 +0000 2021
By the Year
In 2021 there have been 49 vulnerabilities in Microsoft Windows Server 2008 with an average score of 8.0 out of ten. Last year Windows Server 2008 had 382 security vulnerabilities published. Right now, Windows Server 2008 is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.57.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 49 | 8.02 |
2020 | 382 | 7.45 |
2019 | 314 | 7.28 |
2018 | 156 | 6.47 |
It may take a day or so for new Windows Server 2008 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Microsoft Windows Server 2008 Security Vulnerabilities
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-24078
9.8 - Critical
- February 25, 2021
Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-24078 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Windows Address Book Remote Code Execution Vulnerability
CVE-2021-24083
7.8 - High
- February 25, 2021
Windows Address Book Remote Code Execution Vulnerability
CVE-2021-24083 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Windows Local Spooler Remote Code Execution Vulnerability
CVE-2021-24088
8.8 - High
- February 25, 2021
Windows Local Spooler Remote Code Execution Vulnerability
CVE-2021-24088 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows TCP/IP Denial of Service Vulnerability
CVE-2021-24086
7.5 - High
- February 25, 2021
Windows TCP/IP Denial of Service Vulnerability
CVE-2021-24086 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-24077
9.8 - Critical
- February 25, 2021
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1722.
CVE-2021-24077 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-25195
7.8 - High
- February 25, 2021
Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-25195 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1726
8 - High
- February 25, 2021
Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1726 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-24103
7.8 - High
- February 25, 2021
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24102.
CVE-2021-24103 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1722
9.8 - Critical
- February 25, 2021
Windows Fax Service Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24077.
CVE-2021-1722 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-24074
9.8 - Critical
- February 25, 2021
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24094.
CVE-2021-24074 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-24102
7.8 - High
- February 25, 2021
Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-24103.
CVE-2021-24102 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2021-1734
7.5 - High
- February 25, 2021
Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2021-1734 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-24094
9.8 - Critical
- February 25, 2021
Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24074.
CVE-2021-24094 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1727
7.8 - High
- February 25, 2021
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1727 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1673
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1673 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1655
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1655 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1658
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1658 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1653
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1653 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1667
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1667 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1661
7.8 - High
- January 12, 2021
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-1661 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
GDI+ Remote Code Execution Vulnerability
CVE-2021-1665
7.8 - High
- January 12, 2021
GDI+ Remote Code Execution Vulnerability
CVE-2021-1665 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1664
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1664 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1660
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1660 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1696
5.5 - Medium
- January 12, 2021
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1696 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1671
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1671 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1666
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1666 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1652
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1652 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1694
9.8 - Critical
- January 12, 2021
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1694 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Improper Privilege Management
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1709
7.8 - High
- January 12, 2021
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1709 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1700
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.
CVE-2021-1700 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1701
8.8 - High
- January 12, 2021
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.
CVE-2021-1701 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1693
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.
CVE-2021-1693 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1688
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1693.
CVE-2021-1688 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1704
7.8 - High
- January 12, 2021
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1704 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1702
7.8 - High
- January 12, 2021
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1702 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1668
7.8 - High
- January 12, 2021
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1668 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows CryptoAPI Denial of Service Vulnerability
CVE-2021-1679
6.5 - Medium
- January 12, 2021
Windows CryptoAPI Denial of Service Vulnerability
CVE-2021-1679 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1656
5.5 - Medium
- January 12, 2021
TPM Device Driver Information Disclosure Vulnerability
CVE-2021-1656 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
NTLM Security Feature Bypass Vulnerability
CVE-2021-1678
7.5 - High
- January 12, 2021
NTLM Security Feature Bypass Vulnerability
CVE-2021-1678 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1706
8.8 - High
- January 12, 2021
Windows LUAFV Elevation of Privilege Vulnerability
CVE-2021-1706 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1674
8.8 - High
- January 12, 2021
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
CVE-2021-1674 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1699
5.5 - Medium
- January 12, 2021
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1699 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1695
7.8 - High
- January 12, 2021
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1695 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1654
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1654 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1659
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1659 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649
7.8 - High
- January 12, 2021
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1676
5.5 - Medium
- January 12, 2021
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
CVE-2021-1676 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657
7.8 - High
- January 12, 2021
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1708
5.7 - Medium
- January 12, 2021
Windows GDI+ Information Disclosure Vulnerability
CVE-2021-1708 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16958
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16958 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16960
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16960 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16963
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.
CVE-2020-16963 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows SMB Information Disclosure Vulnerability
CVE-2020-17140
6.5 - Medium
- December 10, 2020
Windows SMB Information Disclosure Vulnerability
CVE-2020-17140 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16961
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16961 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16964
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.
CVE-2020-16964 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16959
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16959 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16962
7.8 - High
- December 10, 2020
Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16962 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows GDI+ Information Disclosure Vulnerability
CVE-2020-17098
5.5 - Medium
- December 10, 2020
Windows GDI+ Information Disclosure Vulnerability
CVE-2020-17098 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17036
5.5 - Medium
- November 11, 2020
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17036 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17014
7.1 - High
- November 11, 2020
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.
CVE-2020-17014 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.
Improper Privilege Management
Windows Network File System Denial of Service Vulnerability
CVE-2020-17047
7.5 - High
- November 11, 2020
Windows Network File System Denial of Service Vulnerability
CVE-2020-17047 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-17045
5.5 - Medium
- November 11, 2020
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-17045 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087
7.8 - High
- November 11, 2020
Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Win32k Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17038
7.8 - High
- November 11, 2020
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.
CVE-2020-17038 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17042
8.8 - High
- November 11, 2020
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17042 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004
5.5 - Medium
- November 11, 2020
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Spoofing Vulnerability
CVE-2020-1599
5.5 - Medium
- November 11, 2020
Windows Spoofing Vulnerability
CVE-2020-1599 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17043
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055.
CVE-2020-17043 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Network File System Remote Code Execution Vulnerability
CVE-2020-17051
9.8 - Critical
- November 11, 2020
Windows Network File System Remote Code Execution Vulnerability
CVE-2020-17051 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16997
6.5 - Medium
- November 11, 2020
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16997 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17001
7.8 - High
- November 11, 2020
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.
CVE-2020-17001 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17055
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.
CVE-2020-17055 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17000
5.5 - Medium
- November 11, 2020
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17000 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17011
7.8 - High
- November 11, 2020
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17011 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17029
5.5 - Medium
- November 11, 2020
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17029 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17068
7.8 - High
- November 11, 2020
Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17068 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17044
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.
CVE-2020-17044 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows NDIS Information Disclosure Vulnerability
CVE-2020-17069
5.5 - Medium
- November 11, 2020
Windows NDIS Information Disclosure Vulnerability
CVE-2020-17069 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17088
7.8 - High
- November 11, 2020
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17088 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16973
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16973 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges
CVE-2020-16902
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.
CVE-2020-16902 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16972
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16972 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation
CVE-2020-16935
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16916.
CVE-2020-16935 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16975
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976.
CVE-2020-16975 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists in the way
CVE-2020-16887
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
CVE-2020-16887 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory
CVE-2020-16949
7.5 - High
- October 16, 2020
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.
CVE-2020-16949 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Memory Leak
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16912
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16912 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input
CVE-2020-16891
8.8 - High
- October 16, 2020
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.
CVE-2020-16891 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation
CVE-2020-16916
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16935.
CVE-2020-16916 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory
CVE-2020-16889
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.
CVE-2020-16889 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files
CVE-2020-16933
8.8 - High
- October 16, 2020
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.
CVE-2020-16933 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Handling of Exceptional Conditions
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations
CVE-2020-16920
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16876.
CVE-2020-16920 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests
CVE-2020-16863
7.5 - High
- October 16, 2020
A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Service Denial of Service Vulnerability'.
CVE-2020-16863 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points
CVE-2020-16940
5.5 - Medium
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka 'Windows - User Profile Service Elevation of Privilege Vulnerability'.
CVE-2020-16940 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker
CVE-2020-16900
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.
CVE-2020-16900 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker
CVE-2020-16974
7.8 - High
- October 16, 2020
An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976.
CVE-2020-16974 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory
CVE-2020-16924
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.
CVE-2020-16924 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory
CVE-2020-16897
5.5 - Medium
- October 16, 2020
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'.
CVE-2020-16897 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
A spoofing vulnerability exists when Windows incorrectly validates file signatures
CVE-2020-16922
5.5 - Medium
- October 16, 2020
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
CVE-2020-16922 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Improper Verification of Cryptographic Signature
A remote code execution vulnerability exists in the way
CVE-2020-16923
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1167.
CVE-2020-16923 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.