Microsoft Windows 10 Servers vulnerabilities
206 known vulnerabilities affecting microsoft/windows_10_servers.
Total CVEs
206
CISA KEV
9
actively exploited
Public exploits
30
Exploited in wild
13
Severity breakdown
CRITICAL3HIGH111MEDIUM88LOW4
Vulnerabilities
Page 3 of 11
CVE-2018-8562HIGHCVSS 7.8vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8562 [HIGH] CWE-404 CVE-2018-8562: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server
cvelistv5nvd
CVE-2018-8450HIGHCVSS 8.8vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8450 [HIGH] CWE-404 CVE-2018-8450: A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Win
A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8544HIGHCVSS 8.8PoCvversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8544 [HIGH] CWE-416 CVE-2018-8544: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008
cvelistv5nvd
CVE-2018-8485HIGHCVSS 7.8vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8485 [HIGH] CWE-404 CVE-2018-8485: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, ak
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CV
cvelistv5nvd
CVE-2018-8415HIGHCVSS 7.8vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8415 [HIGH] CWE-94 CVE-2018-8415: A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code
A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008
cvelistv5nvd
CVE-2018-8584HIGHCVSS 7.8PoCvversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8584 [HIGH] CWE-367 CVE-2018-8584: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Loc
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8454MEDIUMCVSS 5.5vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8454 [MEDIUM] CWE-200 CVE-2018-8454: An information disclosure vulnerability exists when Windows Audio Service fails to properly handle o
An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
cvelistv5nvd
CVE-2018-8547MEDIUMCVSS 5.4vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8547 [MEDIUM] CWE-79 CVE-2018-8547: A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Ac
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows
cvelistv5nvd
CVE-2018-8408MEDIUMCVSS 5.5vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8408 [MEDIUM] CWE-665 CVE-2018-8408: An information disclosure vulnerability exists when the Windows kernel improperly initializes object
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windo
cvelistv5nvd
CVE-2018-8407MEDIUMCVSS 5.5vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8407 [MEDIUM] CWE-665 CVE-2018-8407: An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver i
An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, W
cvelistv5nvd
CVE-2018-8566MEDIUMCVSS 4.6vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8566 [MEDIUM] CVE-2018-8566: A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Enc
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8565MEDIUMCVSS 5.5vversion 1709 (Server Core Installation)2018-11-14
CVE-2018-8565 [MEDIUM] CWE-200 CVE-2018-8565: An information disclosure vulnerability exists when the win32k component improperly provides kernel
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Ser
cvelistv5nvd
CVE-2018-8417MEDIUMCVSS 5.3vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-11-14
CVE-2018-8417 [MEDIUM] CVE-2018-8417: A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to
A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8495HIGHCVSS 7.5vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-10-10
CVE-2018-8495 [HIGH] CWE-22 CVE-2018-8495: A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Window
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8329HIGHCVSS 7.8vversion 1803 (Server Core Installation)2018-10-10
CVE-2018-8329 [HIGH] CWE-404 CVE-2018-8329: An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to prope
An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8489HIGHCVSS 8.4vversion 1709 (Server Core Installation)2018-10-10
CVE-2018-8489 [HIGH] CWE-20 CVE-2018-8489: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012
cvelistv5nvd
CVE-2018-8333HIGHCVSS 7.0vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-10-10
CVE-2018-8333 [HIGH] CWE-404 CVE-2018-8333: An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects
An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server
cvelistv5nvd
CVE-2018-8484HIGHCVSS 7.8vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-10-10
CVE-2018-8484 [HIGH] CWE-404 CVE-2018-8484: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver imp
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10
cvelistv5nvd
CVE-2018-8493HIGHCVSS 7.5vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-10-10
CVE-2018-8493 [HIGH] CVE-2018-8493: An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles frag
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
cvelistv5nvd
CVE-2018-8497HIGHCVSS 7.8vversion 1709 (Server Core Installation)vversion 1803 (Server Core Installation)2018-10-10
CVE-2018-8497 [HIGH] CWE-404 CVE-2018-8497: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
cvelistv5nvd