Microsoft Windows 10 20H2 vulnerabilities

210 known vulnerabilities affecting microsoft/windows_10_20h2.

Total CVEs

210

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH156MEDIUM43

Vulnerabilities

Page 7 of 11

CVE-2023-24869HIGHCVSS 8.1fixed in 10.0.19042.27282023-03-14

CVE-2023-24869 [HIGH] CWE-190 CVE-2023-24869: Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability

nvd

CVE-2023-23410HIGHCVSS 7.8fixed in 10.0.19042.27282023-03-14

CVE-2023-23410 [HIGH] CWE-190 CVE-2023-23410: Windows HTTP.sys Elevation of Privilege Vulnerability Windows HTTP.sys Elevation of Privilege Vulnerability

nvd

CVE-2023-24913HIGHCVSS 8.8fixed in 10.0.19042.27282023-03-14

CVE-2023-24913 [HIGH] CWE-122 CVE-2023-24913: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

nvd

CVE-2023-24865MEDIUMCVSS 6.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24865 [MEDIUM] CWE-20 CVE-2023-24865: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-24862MEDIUMCVSS 5.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24862 [MEDIUM] CWE-125 CVE-2023-24862: Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability

nvd

CVE-2023-24906MEDIUMCVSS 6.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24906 [MEDIUM] CWE-190 CVE-2023-24906: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-24911MEDIUMCVSS 4.3fixed in 10.0.19042.27282023-03-14

CVE-2023-24911 [MEDIUM] CWE-191 CVE-2023-24911: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-24880MEDIUMCVSS 4.4KEVfixed in 10.0.19042.27282023-03-14

CVE-2023-24880 [MEDIUM] CWE-863 CVE-2023-24880: Windows SmartScreen Security Feature Bypass Vulnerability Windows SmartScreen Security Feature Bypass Vulnerability

nvd

CVE-2023-23394MEDIUMCVSS 5.5fixed in 10.0.19042.27282023-03-14

CVE-2023-23394 [MEDIUM] CWE-822 CVE-2023-23394: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

nvd

CVE-2023-24866MEDIUMCVSS 6.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24866 [MEDIUM] CWE-20 CVE-2023-24866: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-24857MEDIUMCVSS 6.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24857 [MEDIUM] CWE-126 CVE-2023-24857: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-24863MEDIUMCVSS 6.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24863 [MEDIUM] CWE-190 CVE-2023-24863: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-24870MEDIUMCVSS 6.5fixed in 10.0.19042.27282023-03-14

CVE-2023-24870 [MEDIUM] CWE-126 CVE-2023-24870: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2023-23409MEDIUMCVSS 5.5fixed in 10.0.19042.27282023-03-14

CVE-2023-23409 [MEDIUM] CWE-20 CVE-2023-23409: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

nvd

CVE-2023-1017HIGHCVSS 7.8fixed in 10.0.19042.27282023-02-28

CVE-2023-1017 [HIGH] CWE-787 CVE-2023-1017: An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution

nvd

CVE-2023-1018MEDIUMCVSS 5.5fixed in 10.0.19042.27282023-02-28

CVE-2023-1018 [MEDIUM] CWE-125 CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past th An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

nvd

CVE-2023-21803CRITICALCVSS 9.8fixed in 10.0.19042.26042023-02-14

CVE-2023-21803 [CRITICAL] CWE-190 CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows iSCSI Discovery Service Remote Code Execution Vulnerability

nvd

CVE-2023-21689CRITICALCVSS 9.8fixed in 10.0.19042.26042023-02-14

CVE-2023-21689 [CRITICAL] CWE-122 CVE-2023-21689: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

nvd

CVE-2023-21690CRITICALCVSS 9.8fixed in 10.0.19042.26042023-02-14

CVE-2023-21690 [CRITICAL] CWE-122 CVE-2023-21690: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

nvd

CVE-2023-21692CRITICALCVSS 9.8fixed in 10.0.19042.26042023-02-14

CVE-2023-21692 [CRITICAL] CWE-122 CVE-2023-21692: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

nvd

← Previous7 / 11Next →