Microsoft Windows 10 Version 1809 vulnerabilities
3,135 known vulnerabilities affecting microsoft/windows_10_version_1809.
Total CVEs
3,135
CISA KEV
116
actively exploited
Public exploits
61
Exploited in wild
102
Severity breakdown
CRITICAL83HIGH2241MEDIUM800LOW11
Vulnerabilities
Page 147 of 157
CVE-2020-0839HIGHCVSS 7.8≥ 10.0.0, < publication2020-09-11
CVE-2020-0839 [HIGH] CVE-2020-0839: <p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects i
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability
nvd
CVE-2020-0782HIGHCVSS 7.8≥ 10.0.0, < publication2020-09-11
CVE-2020-0782 [HIGH] CVE-2020-0782: <p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services im
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted a
nvd
CVE-2020-1508HIGHCVSS 8.8≥ 10.0.0, < publication2020-09-11
CVE-2020-1508 [HIGH] CVE-2020-1508: <p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user
nvd
CVE-2020-1097MEDIUMCVSS 6.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1097 [MEDIUM] CVE-2020-1097: <p>An information disclosure vulnerability exists when the Windows GDI component improperly disclose
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a speci
nvd
CVE-2020-0928MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0928 [MEDIUM] CVE-2020-0928: <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. T
nvd
CVE-2020-1596MEDIUMCVSS 5.3≥ 10.0.0, < publication2020-09-11
CVE-2020-1596 [MEDIUM] CWE-327 CVE-2020-1596: <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An at
A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.
To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.
The update addresses t
nvd
CVE-2020-1589MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1589 [MEDIUM] CVE-2020-1589: <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. T
nvd
CVE-2020-1083MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1083 [MEDIUM] CVE-2020-1083: <p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component impr
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially c
nvd
CVE-2020-0941MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0941 [MEDIUM] CVE-2020-0941: <p>An information disclosure vulnerability exists when the win32k component improperly provides kern
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally au
nvd
CVE-2020-0989MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0989 [MEDIUM] CWE-862 CVE-2020-0989: <p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagno
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a
nvd
CVE-2020-1091MEDIUMCVSS 6.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1091 [MEDIUM] CVE-2020-1091: <p>An information disclosure vulnerability exists when the Windows GDI component improperly disclose
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a speci
nvd
CVE-2020-0837MEDIUMCVSS 5.3≥ 10.0.0, < publication2020-09-11
CVE-2020-0837 [MEDIUM] CVE-2020-0837: <p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) i
An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.
To exploit this vulnerability, an attacker could send a specially crafted authenticatio
nvd
CVE-2020-0875MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0875 [MEDIUM] CVE-2020-0875: <p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An atta
An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity).
This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to
nvd
CVE-2020-16854MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-16854 [MEDIUM] CVE-2020-16854: <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
nvd
CVE-2020-0890MEDIUMCVSS 6.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0890 [MEDIUM] CVE-2020-0890: <p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properl
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.
The sec
nvd
CVE-2020-0904MEDIUMCVSS 6.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0904 [MEDIUM] CWE-20 CVE-2020-0904: <p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properl
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.
nvd
CVE-2020-0914MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-0914 [MEDIUM] CVE-2020-0914: <p>An information disclosure vulnerability exists when the Windows State Repository Service improper
An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
An attacker could exploit this vulnerability by running a specially crafted application on the victim system.
nvd
CVE-2020-1250MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1250 [MEDIUM] CVE-2020-1250: <p>An information disclosure vulnerability exists when the win32k component improperly provides kern
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application
nvd
CVE-2020-1038MEDIUMCVSS 5.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1038 [MEDIUM] CVE-2020-1038: <p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles object
A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability w
nvd
CVE-2020-1256MEDIUMCVSS 6.5≥ 10.0.0, < publication2020-09-11
CVE-2020-1256 [MEDIUM] CVE-2020-1256: <p>An information disclosure vulnerability exists when the Windows GDI component improperly disclose
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a spe
nvd