Microsoft Windows vulnerabilities
831 known vulnerabilities affecting microsoft/windows.
Total CVEs
831
CISA KEV
31
actively exploited
Public exploits
51
Exploited in wild
32
Severity breakdown
CRITICAL15HIGH591MEDIUM223LOW2
Vulnerabilities
Page 27 of 42
CVE-2019-1419HIGHCVSS 8.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1419 [HIGH] CVE-2019-1419: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manage
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456.
cvelistv5nvd
CVE-2019-1398HIGHCVSS 8.4v10 Version 1709 for x64-based Systemsv10 Version 1803 for x64-based Systems+1 more2019-11-12
CVE-2019-1398 [HIGH] CVE-2019-1398: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397.
cvelistv5
CVE-2019-1405HIGHCVSS 7.8KEVPoCv7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1405 [HIGH] CWE-269 CVE-2019-1405: An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) servi
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
cvelistv5nvd
CVE-2019-1441HIGHCVSS 8.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 12019-11-12
CVE-2019-1441 [HIGH] CWE-119 CVE-2019-1441: A remote code execution vulnerability exists when the Windows font library improperly handles specia
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
cvelistv5nvd
CVE-2019-1388HIGHCVSS 7.8KEVv7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1388 [HIGH] CWE-269 CVE-2019-1388: An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not pr
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
cvelistv5nvd
CVE-2019-1406HIGHCVSS 7.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1406 [HIGH] CVE-2019-1406: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.
cvelistv5nvd
CVE-2019-1415HIGHCVSS 7.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1415 [HIGH] CVE-2019-1415: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Insta
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'.
cvelistv5nvd
CVE-2019-1396HIGHCVSS 7.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1396 [HIGH] CVE-2019-1396: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1408, CVE-2019-1434.
cvelistv5
CVE-2019-1394HIGHCVSS 7.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1394 [HIGH] CVE-2019-1394: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.
cvelistv5
CVE-2019-1438HIGHCVSS 7.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1438 [HIGH] CVE-2019-1438: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Compone
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437.
cvelistv5
CVE-2019-1383HIGHCVSS 7.8v10 for 32-bit Systemsv10 for x64-based Systems+11 more2019-11-12
CVE-2019-1383 [HIGH] CVE-2019-1383: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Ser
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1417.
cvelistv5
CVE-2019-1417HIGHCVSS 7.8v10 for 32-bit Systemsv10 for x64-based Systems+11 more2019-11-12
CVE-2019-1417 [HIGH] CVE-2019-1417: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Ser
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383.
cvelistv5
CVE-2019-1420HIGHCVSS 7.8v10 for 32-bit Systemsv10 for x64-based Systems+11 more2019-11-12
CVE-2019-1420 [HIGH] CVE-2019-1420: An elevation of privilege vulnerability exists in the way that the dssvc
An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423.
cvelistv5
CVE-2019-1379HIGHCVSS 7.8v10 for 32-bit Systemsv10 for x64-based Systems+11 more2019-11-12
CVE-2019-1379 [HIGH] CVE-2019-1379: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly hand
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1383, CVE-2019-1417.
cvelistv5nvd
CVE-2019-1416HIGHCVSS 7.0v10 Version 1709 for 32-bit Systemsv10 Version 1709 for x64-based Systems+7 more2019-11-12
CVE-2019-1416 [HIGH] CWE-362 CVE-2019-1416: An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linu
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.
cvelistv5nvd
CVE-2019-1456HIGHCVSS 8.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1456 [HIGH] CVE-2019-1456: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted Ope
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419.
cvelistv5
CVE-2019-1397HIGHCVSS 8.4v7 for x64-based Systems Service Pack 1v8.1 for x64-based systems+5 more2019-11-12
CVE-2019-1397 [HIGH] CVE-2019-1397: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.
cvelistv5
CVE-2019-1389HIGHCVSS 8.4v10 Version 1709 for x64-based Systemsv10 Version 1803 for x64-based Systems+1 more2019-11-12
CVE-2019-1389 [HIGH] CWE-20 CVE-2019-1389: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398.
cvelistv5nvd
CVE-2019-1424HIGHCVSS 8.1v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1424 [HIGH] CVE-2019-1424: A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure com
A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.
cvelistv5nvd
CVE-2019-1433HIGHCVSS 7.8v7 for 32-bit Systems Service Pack 1v7 for x64-based Systems Service Pack 1+16 more2019-11-12
CVE-2019-1433 [HIGH] CVE-2019-1433: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Compone
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438.
cvelistv5