Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-1476

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-17 Aug, 2020 | 19:13
Updated At-04 Aug, 2024 | 06:39
Rejected At-
Credits

ASP.NET and .NET Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:17 Aug, 2020 | 19:13
Updated At:04 Aug, 2024 | 06:39
Rejected At:
â–¼CVE Numbering Authority (CNA)
ASP.NET and .NET Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.8
CPEs
  • cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Platforms
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 8.1 for x64-based systems
  • Windows 8.1 for 32-bit systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2016 (Server Core installation)
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows RT 8.1
Versions
Affected
  • From 4.8.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8
CPEs
  • cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*
Platforms
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows Server 2019
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 2004 for ARM64-based Systems
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows 10 Version 1903 for x64-based Systems
  • Windows Server, version 2004 (Server Core installation)
  • Windows 10 Version 2004 for x64-based Systems
  • Windows 10 Version 2004 for 32-bit Systems
Versions
Affected
  • From 4.8.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 2.0 Service Pack 2
CPEs
  • cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*
Platforms
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
Versions
Affected
  • From 2.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.5.2
CPEs
  • cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
Platforms
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows 8.1 for 32-bit systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows RT 8.1
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 8.1 for x64-based systems
  • Windows Server 2012 (Server Core installation)
Versions
Affected
  • From 4.0.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
CPEs
  • cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Platforms
  • Windows RT 8.1
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows 8.1 for x64-based systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 8.1 for 32-bit systems
Versions
Affected
  • From 4.0.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.7.2
CPEs
  • cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*
Platforms
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2019
Versions
Affected
  • From 4.7.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
CPEs
  • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Platforms
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
Versions
Affected
  • From 3.0.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
CPEs
  • cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*
Platforms
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
Versions
Affected
  • From 3.5.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
CPEs
  • cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*
Platforms
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1709 for ARM64-based Systems
Versions
Affected
  • From 3.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 4.6
CPEs
  • cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Platforms
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
Versions
Affected
  • From 4.0.0.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5
CPEs
  • cpe:2.3:a:microsoft:.net:3.5:*:*:*:*:*:*:*
Platforms
  • Windows 8.1 for x64-based systems
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows 8.1 for 32-bit systems
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
Versions
Affected
  • From 3.5.0 before publication (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5.1
CPEs
  • cpe:2.3:a:microsoft:.net:3.5.1:*:*:*:*:*:*:*
Platforms
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
Versions
Affected
  • From 3.5.0 before publication (custom)
Problem Types
TypeCWE IDDescription
ImpactN/AElevation of Privilege
Type: Impact
CWE ID: N/A
Description: Elevation of Privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:17 Aug, 2020 | 19:15
Updated At:23 Feb, 2026 | 18:25

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>.net_framework>>2.0
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.1
cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.1
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.1
cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.8
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5.1
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>sp1
cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.5.2
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.1
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476secure@microsoft.com
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1476
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

775Records found
CVE-2018-0974
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-12.80% / 94.09%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2018-0971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-12.80% / 94.09%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2018-0968
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.42% / 91.15%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows 10 ServersWindows Server 2012 R2Windows 10Windows 8.1Windows RT 8.1Windows Server 2016
CVE-2018-0754
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.09% / 86.94%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2008Windows Adobe Type Manager Font Driver (Atmfd.dll)
CVE-2018-0814
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.18% / 87.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2018-0811
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.18% / 87.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2018-0760
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.00% / 92.17%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 02:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0761, and CVE-2018-0855.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_server_2008Microsoft Windows Embedded OpenType (EOT) font engine
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0813
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.18% / 87.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2018-0750
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.09% / 86.94%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows GDI
CVE-2018-0887
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.07% / 77.92%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2018-0761
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.00% / 92.17%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 02:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0855.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Microsoft Windows Embedded OpenType (EOT) font engine
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0755
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.00% / 92.17%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 02:00
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Microsoft Windows Embedded OpenType (EOT) font engine
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-33760
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 67.34%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-19 Nov, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media Foundation Information Disclosure Vulnerability

Media Foundation Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server, version 1909 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2017-8564
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-22.93% / 95.96%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8687
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-22.73% / 95.93%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8668
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.85% / 86.40%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_rt_8.1windows_server_2012Volume Manager Driver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7768
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.39%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-windowsfirefoxFirefoxFirefox ESR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8557
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.51% / 81.36%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-8575
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.13% / 84.36%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Microsoft Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.03%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 06:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Action-Not Available
Vendor-conexantn/aHP Inc.Microsoft Corporation
Product-elitebook_848_g3probook_446_g3zbook_15u_g3windows_7probook_655_g2zbook_17_g3elite_x2_1012_g1zbook_studio_g3elitebook_840_g3probook_645_g2elitebook_828_g3probook_650_g2elitebook_725_g3probook_450_g3probook_640_g2probook_455_g3elitebook_1030_g1elitebook_850_g3windows_10zbook_15_g3elitebook_folio_1040_g3mictray64elitebook_745_g3probook_440_g3elitebook_755_g3elitebook_820_g3elitebook_folio_g1probook_470_g3probook_430_g3n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8544
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.47% / 87.68%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Microsoft Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8683
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-18.16% / 95.26%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_server_2012Windows graphics
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8684
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.90% / 96.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_rt_8.1windows_server_2012Windows GDI+
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8681
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-20.35% / 95.60%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-7.87% / 92.09%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_rt_8.1windows_server_2012Microsoft Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8693
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.19% / 90.96%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Microsoft Graphics Component
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8680
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.90% / 96.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_rt_8.1windows_server_2012Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8676
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-7.59% / 91.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2007live_meetingwindows_10windows_7windows_8.1windows_server_2008lyncskype_for_businessofficeoffice_word_vieweroffice_2010windows_server_2016windows_rt_8.1windows_server_2012Windows Graphics Device Interface (GDI)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8685
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.90% / 96.42%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows GDI+
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8666
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.81% / 86.29%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_server_2016windows_rt_8.1windows_server_2012Windows Kernel-Mode Drivers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 17.04%
||
7 Day CHG+0.01%
Published-06 May, 2017 | 00:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)Microsoft CorporationLinux Kernel Organization, Inc
Product-client_automationlinux_kernelwindowsn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2007-5470
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.25% / 79.56%
||
7 Day CHG~0.00%
Published-16 Oct, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-expression_median/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31960
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 60.96%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bind Filter Driver Information Disclosure Vulnerability

Windows Bind Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CVE-2024-45673
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.55%
||
7 Day CHG~0.00%
Published-21 Feb, 2025 | 16:45
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Bridge information disclosure

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelsecurity_verify_gateway_for_windows_loginwindowssecurity_verify_bridge_directory_syncsecurity_verify_gateway_for_radiusSecurity Verify Bridge Directory Sync
CWE ID-CWE-260
Password in Configuration File
CVE-2023-38140
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 46.82%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019windows_10_1607Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-21257
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.78%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows 10 Version 21H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2001-0261
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.22% / 79.29%
||
7 Day CHG~0.00%
Published-04 Apr, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CVE-2022-29140
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.61% / 81.96%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:34
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Information Disclosure Vulnerability

Windows Print Spooler Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2025-21316
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.06%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21319
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-13 Feb, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2008windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-36406
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Windows Hyper-V Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_server_2022windows_11_23h2Windows Server 2022Windows 11 version 22H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-36906
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.59% / 87.89%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-170
Improper Null Termination
CVE-2023-36907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.59% / 87.89%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-170
Improper Null Termination
CVE-2023-36914
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.62%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 22H2
CVE-2023-36713
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.08% / 84.18%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Information Disclosure Vulnerability

Windows Common Log File System Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-36889
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 31.94%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Group Policy Security Feature Bypass Vulnerability

Windows Group Policy Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2000-0089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-2.22% / 84.67%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CVE-2023-36576
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 65.98%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36558
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.39% / 60.27%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 21:35
Updated-09 Oct, 2025 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core Security Feature Bypass Vulnerability

ASP.NET Core Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_corevisual_studio_2022.netASP.NET Core 6.0ASP.NET Core 7.0.NET 7.0Microsoft Visual Studio 2022 version 17.6ASP.NET Core 8.0Microsoft Visual Studio 2022 version 17.2.NET 8.0Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.7.NET 6.0
CVE-2023-36428
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 37.76%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2022Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 11 version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 15
  • 16
  • Next
Details not found