Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 17 of 92

CVE-2023-36006P3HIGHCVSS 8.8fixed in 10.0.19041.38032023-12-12

CVE-2023-36006 [HIGH] CWE-121 CVE-2023-36006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-21370P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13

CVE-2024-21370 [HIGH] CWE-122 CVE-2024-21370: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-21366P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13

CVE-2024-21366 [HIGH] CWE-122 CVE-2024-21366: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-21360P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13

CVE-2024-21360 [HIGH] CWE-122 CVE-2024-21360: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-21358P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13

CVE-2024-21358 [HIGH] CWE-122 CVE-2024-21358: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-21365P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13

CVE-2024-21365 [HIGH] CWE-122 CVE-2024-21365: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-30097P3HIGHCVSS 8.8fixed in 10.0.19044.45292024-06-11

CVE-2024-30097 [HIGH] CWE-415 CVE-2024-30097: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

nvd

CVE-2024-30006P3HIGHCVSS 8.8fixed in 10.0.19044.44122024-05-14

CVE-2024-30006 [HIGH] CWE-416 CVE-2024-30006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-21349P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13

CVE-2024-21349 [HIGH] CWE-122 CVE-2024-21349: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

nvd

CVE-2025-24056P3HIGHCVSS 8.8fixed in 10.0.19044.56082025-03-11

CVE-2025-24056 [HIGH] CWE-122 CVE-2025-24056: Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute co Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-30013P3HIGHCVSS 8.8fixed in 10.0.19044.46512024-07-09

CVE-2024-30013 [HIGH] CWE-415 CVE-2024-30013: Windows MultiPoint Services Remote Code Execution Vulnerability Windows MultiPoint Services Remote Code Execution Vulnerability

nvd

CVE-2026-20871P3HIGHCVSS 7.8fixed in 10.0.19044.68092026-01-13

CVE-2026-20871 [HIGH] CWE-416 CVE-2026-20871: Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locall Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-27477P3HIGHCVSS 8.8fixed in 10.0.19044.57372025-04-08

CVE-2025-27477 [HIGH] CWE-122 CVE-2025-27477: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-43599P3HIGHCVSS 8.8fixed in 10.0.19044.50112024-10-08

CVE-2024-43599 [HIGH] CWE-416 CVE-2024-43599: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

nvd

CVE-2025-21222P3HIGHCVSS 8.8fixed in 10.0.19044.57372025-04-08

CVE-2025-21222 [HIGH] CWE-122 CVE-2025-21222: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-21221P3HIGHCVSS 8.8fixed in 10.0.19044.57372025-04-08

CVE-2025-21221 [HIGH] CWE-122 CVE-2025-21221: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-21205P3HIGHCVSS 8.8fixed in 10.0.19044.57372025-04-08

CVE-2025-21205 [HIGH] CWE-122 CVE-2025-21205: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-21417P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14

CVE-2025-21417 [HIGH] CWE-122 CVE-2025-21417: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21409P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14

CVE-2025-21409 [HIGH] CWE-122 CVE-2025-21409: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21339P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14

CVE-2025-21339 [HIGH] CWE-122 CVE-2025-21339: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

← Previous17 / 92Next →