Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-42323

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Nov, 2021 | 00:47
Updated At-04 Aug, 2024 | 03:30
Rejected At-
Credits

Azure RTOS Information Disclosure Vulnerability

Azure RTOS Information Disclosure Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Nov, 2021 | 00:47
Updated At:04 Aug, 2024 | 03:30
Rejected At:
▼CVE Numbering Authority (CNA)
Azure RTOS Information Disclosure Vulnerability

Azure RTOS Information Disclosure Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Azure Real Time Operating System
CPEs
  • cpe:2.3:o:microsoft:azure_real_time_operating_system:*:*:*:*:*:*:*:*
Platforms
  • Unknown
Versions
Affected
  • From 6.0.0 before 6.1.9 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/AInformation Disclosure
Type: Impact
CWE ID: N/A
Description: Information Disclosure
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Nov, 2021 | 01:19
Updated At:28 Dec, 2023 | 16:16

Azure RTOS Information Disclosure Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>azure_real_time_operating_system>>Versions before 6.1.9(exclusive)
cpe:2.3:o:microsoft:azure_real_time_operating_system:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

589Records found
CVE-2019-1216
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.46% / 80.10%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008WindowsWindows Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1171
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.42% / 60.92%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SymCrypt Information Disclosure Vulnerability

An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability through a software change to the OAEP decoding operations.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows 10 Version 1709Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1143
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.90% / 74.76%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-11096
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.28%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:13
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-ethernet_i218_adapter_driverwindows_10Intel(R) Ethernet I218 Adapter driver for Windows* 10
CVE-2019-1073
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.68%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1097
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.43% / 79.87%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1096
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-34.56% / 96.86%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1078
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 69.97%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1093
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.43% / 79.87%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1091
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.93% / 75.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1071
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.68%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1039
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 66.57%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CWE ID-CWE-665
Improper Initialization
CVE-2019-0767
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 74.86%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 01:42
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0775, CVE-2019-0782.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CWE ID-CWE-665
Improper Initialization
CVE-2019-0814
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0848.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server
CVE-2019-0844
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0838
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 69.29%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0755
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 68.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:32
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0702
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.88% / 74.46%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:43
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0536
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2019-0661
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.55% / 66.96%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0663.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2012windows_server_2008WindowsWindows Server
CVE-2019-0549
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.08% / 76.93%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2019-0663
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.71% / 81.57%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0661.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008WindowsWindows Server
CWE ID-CWE-665
Improper Initialization
CVE-2019-0622
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.43% / 61.66%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.

Action-Not Available
Vendor-Microsoft Corporation
Product-skypeSkype
CWE ID-CWE-287
Improper Authentication
CVE-2019-0554
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2019-0621
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 67.27%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0837
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10WindowsWindows Server
CVE-2019-0759
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 59.97%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 01:50
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0848
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.00% / 76.04%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0782
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 74.86%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:39
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CWE ID-CWE-665
Improper Initialization
CVE-2018-8407
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 70.86%
||
7 Day CHG-0.01%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2019-0876
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 64.22%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:20
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-open_enclave_software_development_kitOpen Enclave SDK
CVE-2019-0628
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.55% / 66.96%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0569
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2018-8566
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows Server 2019Windows 10Windows 10 ServersWindows Server 2016
CVE-2018-8563
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.74% / 72.07%
||
7 Day CHG-0.01%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_rt_8.1windows_7windows_server_2008Windows Server 2008 R2Windows Server 2012 R2Windows Server 2012Windows 8.1Windows 7Windows RT 8.1
CVE-2018-8427
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.83% / 87.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_word_vieweroffice_365_proplusofficeexcel_vieweroffice_compatibility_packpowerpoint_viewerwindows_server_2008Microsoft Excel ViewerMicrosoft Office Word ViewerMicrosoft OfficeOfficeMicrosoft PowerPoint ViewerWindows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8330
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.60% / 87.32%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8446
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.71% / 88.96%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0839
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.69% / 70.98%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2018-8486
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.05% / 76.71%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CVE-2018-8336
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.71% / 88.96%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008Windows 7Windows Server 2008Windows Server 2008 R2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0776
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.88% / 74.46%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:08
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server
CVE-2021-21989
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 11:43
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-workstationwindowshorizon_clientVMware Workstation Pro / Player (Workstation), VMware Horizon Client for Windows
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8253
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.54% / 80.68%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10Windows Server 2016
CVE-2018-8445
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.08% / 88.11%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_10Windows 10 ServersWindows 10
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0553
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 ServersWindows 10Windows Server 2019
CVE-2018-8565
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.63% / 85.13%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8408
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 70.86%
||
7 Day CHG-0.01%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2019-0840
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0844.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server
CVE-2018-8637
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.20% / 78.10%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 ServersWindows 10Windows Server 2019
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found