Microsoft Windows 10 vulnerabilities

CVE-2020-1413 [HIGH] CVE-2020-1413: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.

CVE-2020-1362 [HIGH] CVE-2020-1362: An elevation of privilege vulnerability exists in the way that the Windows WalletService handles obj An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.

CVE-2020-1353 [HIGH] CVE-2020-1353: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.

CVE-2020-1463 [HIGH] CVE-2020-1463: An elevation of privilege vulnerability exists in the way that the SharedStream Library handles obje An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'.

CVE-2020-1363 [HIGH] CVE-2020-1363: An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles m An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elevation of Privilege Vulnerability'.

CVE-2020-1430 [HIGH] CVE-2020-1430: An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354.

CVE-2020-1437 [HIGH] CVE-2020-1437: An elevation of privilege vulnerability exists in the way that the Windows Network Location Awarenes An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.

CVE-2020-1418 [HIGH] CVE-2020-1418: An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1393.

CVE-2020-1410 [HIGH] CVE-2020-1410: A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vc A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'.

CVE-2020-1402 [HIGH] CVE-2020-1402: An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.

CVE-2020-1085 [HIGH] CVE-2020-1085: An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Servic An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.

CVE-2020-1366 [HIGH] CVE-2020-1366: An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly ha An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'.

CVE-2020-1412 [HIGH] CWE-269 CVE-2020-1412: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle ob A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

CVE-2020-1352 [HIGH] CVE-2020-1352: An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles m An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'.

CVE-2020-1385 [HIGH] CVE-2020-1385: An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'.

CVE-2020-1370 [HIGH] CVE-2020-1370: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.

CVE-2020-1400 [HIGH] CWE-191 CVE-2020-1400: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.

CVE-2020-1401 [HIGH] CVE-2020-1401: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.

CVE-2020-1249 [HIGH] CVE-2020-1249: An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.

CVE-2020-1364 [HIGH] CVE-2020-1364: A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windo A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.