Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-0754

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-04 Jan, 2018 | 14:00
Updated At-16 Sep, 2024 | 17:43
Rejected At-
Credits

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:04 Jan, 2018 | 14:00
Updated At:16 Sep, 2024 | 17:43
Rejected At:
▼CVE Numbering Authority (CNA)

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".

Affected Products
Vendor
Microsoft CorporationMicrosoft Corporation
Product
Windows Adobe Type Manager Font Driver (Atmfd.dll)
Versions
Affected
  • Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709
Problem Types
TypeCWE IDDescription
textN/AInformation Disclosure
Type: text
CWE ID: N/A
Description: Information Disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1040098
vdb-entry
x_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102362
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1040098
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/102362
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1040098
vdb-entry
x_refsource_SECTRACK
x_transferred
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/102362
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040098
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/102362
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:04 Jan, 2018 | 14:29
Updated At:24 Aug, 2020 | 17:37

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>1709
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/102362secure@microsoft.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040098secure@microsoft.com
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/102362
Source: secure@microsoft.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040098
Source: secure@microsoft.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

498Records found
CVE-2001-0152
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-8.36% / 92.47%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-plusn/a
CVE-2019-1283
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.73% / 73.25%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008WindowsWindows Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2001-0261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.22% / 79.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CVE-2019-1382
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 57.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-1293
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.22% / 79.43%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1345
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-5.33% / 90.27%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1370
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 71.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-open_enclave_software_development_kitOpen Enclave SDK
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2000-0485
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.27% / 79.94%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_servern/a
CVE-2008-4540
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-2.33% / 85.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.

Action-Not Available
Vendor-htcn/aMicrosoft Corporation
Product-hermeswindows_mobilen/a
CVE-2019-1334
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.86% / 83.47%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1363
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.86% / 83.47%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008WindowsWindows Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.06% / 20.11%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Action-Not Available
Vendor-freed0mn/aMicrosoft Corporation
Product-windowsdisckcryptorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1344
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-5.46% / 90.39%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1369
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.73% / 73.25%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-open_enclave_software_development_kitOpen Enclave SDK
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1381
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.06% / 78.04%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1337
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.14% / 78.84%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3539
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.12% / 30.28%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-hpsi_racf_connectorhpsi_acf2_connectoribm_tivoli_dir_connectorhpsi_sunone_connectorhpsi_bidir_dirx_connectorhpsi_topsecret_connectorhpsi_edirectory_connectorwindowshpsi_openldap_connectorhpsi_active_directory_connectorhpsi_oid_connectorhpsi_etrust_connectorn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31960
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 61.22%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bind Filter Driver Information Disclosure Vulnerability

Windows Bind Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CVE-2019-1294
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.94% / 76.63%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2021-31184
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.39% / 85.36%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2008-2747
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 16.80%
||
7 Day CHG~0.00%
Published-18 Jun, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

Action-Not Available
Vendor-no-ipn/aMicrosoft Corporation
Product-windowsdynamic_update_clientn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31171
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.29% / 52.36%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2000-0089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-2.22% / 84.84%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CVE-2021-31174
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 66.45%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverofficeexceloffice_web_apps_server365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Office 2016Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31955
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.61% / 88.05%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-30 Oct, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1909windows_10_21h1windows_server_2004windows_10_1809windows_server_2019windows_10_2004windows_server_20h2windows_10_20h2Windows Server 2019Windows 10 Version 2004Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Windows Server version 2004Windows
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2021-29904
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-1254
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.59% / 69.66%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2008-2159
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.83% / 75.06%
||
7 Day CHG~0.00%
Published-12 May, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-1259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.93% / 83.78%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CVE-1999-1294
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.64% / 71.04%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CVE-2019-1227
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.04% / 77.80%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10windows_server_2019Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-1538
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-50.26% / 97.89%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_servern/a
CVE-2019-1219
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.22% / 79.43%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1251
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.86% / 83.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11835
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.81% / 86.44%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Microsoft Graphics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1216
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.07% / 84.29%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008WindowsWindows Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11816
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.48% / 87.85%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Microsoft Windows Graphics Device Interface (GDI)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1472
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.62% / 82.25%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0524
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.30% / 53.65%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-28 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-scowindrivern/aOracle CorporationMicrosoft CorporationHP Inc.Linux Kernel Organization, IncCisco Systems, Inc.Silicon Graphics, Inc.IBM CorporationNovellApple Inc.
Product-mac_os_xos2windowsbsdoslinux_kernelnetwareaixtru64iossolarisirixsco_unixhp-uxmacosn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11765
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.00% / 92.28%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Windows Kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1440
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.62% / 82.25%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1400
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.60% / 82.13%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:40
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeMicrosoft OfficeOffice 365 ProPlus
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1148
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.23% / 89.01%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_10windows_8.1windows_server_2008windows_7officewindows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows 10 Version 1703Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsMicrosoft Office 2019 for Mac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28446
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.73% / 73.02%
||
7 Day CHG-0.26%
Published-13 Apr, 2021 | 19:33
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Portmapping Information Disclosure Vulnerability

Windows Portmapping Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1909Windows Server 2012 R2Windows 7Windows Server version 2004Windows Server 2008 Service Pack 2Windows 10 Version 20H2Windows Server, version 1909 (Server Core installation)Windows 7 Service Pack 1Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2Windows 10 Version 2004Windows Server 2019Windows Server version 20H2Windows 8.1Windows Server 2012 R2 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607
CVE-2019-1418
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-1.41% / 80.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1093
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.82% / 83.27%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1143
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.04% / 77.80%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1091
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.19% / 79.22%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1368
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.94% / 76.63%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-1125
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.6||MEDIUM
EPSS-19.22% / 95.50%
||
7 Day CHG~0.00%
Published-03 Sep, 2019 | 17:52
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-windows_server_2016windows_rt_8.1virtualization_hostenterprise_linux_workstationwindows_server_2012windows_server_2008windows_10windows_8.1enterprise_linux_server_ausenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_serverenterprise_linux_server_euswindows_7windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found