Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32212

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Apr, 2026 | 16:57
Updated At-01 Jun, 2026 | 19:12
Rejected At-
Credits

Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Apr, 2026 | 16:57
Updated At:01 Jun, 2026 | 19:12
Rejected At:
â–¼CVE Numbering Authority (CNA)
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.9060 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8644 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 21H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.19044.0 before 10.0.19044.7184 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 22H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.19045.0 before 10.0.19045.7184 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 version 22H3
Platforms
  • ARM64-based Systems
Versions
Affected
  • From 10.0.22631.0 before 10.0.22631.6936 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 Version 23H2
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.22631.0 before 10.0.22631.6936 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 Version 24H2
Platforms
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.8246 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 Version 25H2
Platforms
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.26200.0 before 10.0.26200.8246 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 version 26H1
Platforms
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.28000.0 before 10.0.28000.1836 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.26026 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.26026 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.23132 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.23132 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.9060 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.9060 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8644 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.8644 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.20348.0 before 10.0.20348.5020 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022, 23H2 Edition (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.25398.0 before 10.0.25398.2274 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2025
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.32690 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2025 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.26100.0 before 10.0.26100.32690 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-59CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWECWE-269CWE-269: Improper Privilege Management
Type: CWE
CWE ID: CWE-59
Description: CWE-59: Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-269
Description: CWE-269: Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Apr, 2026 | 18:17
Updated At:20 Apr, 2026 | 14:55

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Microsoft Corporation
microsoft
>>windows_10_1607>>Versions before 10.0.14393.9060(exclusive)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1607>>Versions before 10.0.14393.9060(exclusive)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_1809>>Versions before 10.0.17763.8644(exclusive)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1809>>Versions before 10.0.17763.8644(exclusive)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>Versions before 10.0.19044.7184(exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>Versions before 10.0.19044.7184(exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>Versions before 10.0.19044.7184(exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>Versions before 10.0.19045.7184(exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>Versions before 10.0.19045.7184(exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>Versions before 10.0.19045.7184(exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_11_23h2>>Versions before 10.0.22631.6936(exclusive)
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_23h2>>Versions before 10.0.22631.6936(exclusive)
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_11_24h2>>Versions before 10.0.26100.8246(exclusive)
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_24h2>>Versions before 10.0.26100.8246(exclusive)
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_11_25h2>>Versions before 10.0.26200.8246(exclusive)
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_25h2>>Versions before 10.0.26200.8246(exclusive)
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_11_26h1>>Versions before 10.0.28000.1836(exclusive)
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_26h1>>Versions before 10.0.28000.1836(exclusive)
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>Versions before 10.0.14393.9060(exclusive)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>Versions before 10.0.17763.8644(exclusive)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>Versions before 10.0.20348.5020(exclusive)
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022_23h2>>Versions before 10.0.25398.2274(exclusive)
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2025>>Versions before 10.0.26100.32690(exclusive)
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Secondarysecure@microsoft.com
CWE-269Secondarysecure@microsoft.com
CWE ID: CWE-59
Type: Secondary
Source: secure@microsoft.com
CWE ID: CWE-269
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1188Records found
CVE-2021-24084
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.89% / 88.52%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Device Management Information Disclosure Vulnerability

Windows Mobile Device Management Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-1258
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 14.10%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:17
Updated-12 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.McAfee, LLCMicrosoft Corporation
Product-agent_epolicy_orchestrator_extensionwindowsanyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-0029
Matching Score-10
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.75%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 16:35
Updated-04 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XDR Agent: Improper Link Resolution Vulnerability When Generating a Tech Support File

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

Action-Not Available
Vendor-Microsoft CorporationPalo Alto Networks, Inc.
Product-windowscortex_xdr_agentCortex XDR Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-32556
Matching Score-10
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-10
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:56
Updated-04 Dec, 2024 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-29837
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.06% / 78.00%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Information Disclosure Vulnerability

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_10_1507windows_10_22h2windows_11_23h2windows_11_22h2windows_10_1607windows_server_2019windows_server_2022_23h2windows_server_2025windows_11_24h2windows_server_2008windows_10_1809windows_server_2022windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-38140
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 55.65%
||
7 Day CHG+0.08%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019windows_10_1607Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-36907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.82% / 88.38%
||
7 Day CHG+0.23%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-170
Improper Null Termination
CVE-2023-36576
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 62.20%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_10_21h1windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-36889
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.59%
||
7 Day CHG+0.01%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Group Policy Security Feature Bypass Vulnerability

Windows Group Policy Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-284
Improper Access Control
CVE-2023-36906
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.82% / 88.38%
||
7 Day CHG+0.23%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Windows Cryptographic Services Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-170
Improper Null Termination
CVE-2019-1283
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.73% / 73.25%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008WindowsWindows Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-36406
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 48.04%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Windows Hyper-V Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_21h2windows_server_2022windows_11_23h2Windows Server 2022Windows 11 version 22H2Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 11 Version 23H2
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21318
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.45%
||
7 Day CHG-0.01%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-21317
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2025windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2022windows_10_21h2windows_server_2022_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-35324
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-28 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-126
Buffer Over-read
CVE-2023-35306
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 46.11%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2025-21320
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.37%
||
7 Day CHG+0.04%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2008windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-49684
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.78% / 74.07%
||
7 Day CHG+0.20%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Storage Port Driver Information Disclosure Vulnerability

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_10_1507windows_11_22h2Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-126
Buffer Over-read
CVE-2025-21374
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 55.05%
||
7 Day CHG+0.08%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows CSC Service Information Disclosure Vulnerability

Windows CSC Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2022_23h2windows_server_2025windows_10_21h2windows_11_23h2windows_server_2019windows_10_1507windows_server_2022windows_10_1607windows_10_22h2windows_11_22h2windows_server_2012windows_10_1809windows_11_24h2Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1382
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 57.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2025-21257
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.68%
||
7 Day CHG+0.03%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows 11 Version 24H2Windows 10 Version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows 10 Version 22H2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-48810
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.05% / 77.97%
||
7 Day CHG+0.28%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Kernel Mode Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025
CWE ID-CWE-1037
Processor Optimization Removal or Modification of Security-critical Code
CVE-2025-47979
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.57%
||
7 Day CHG+0.01%
Published-14 Oct, 2025 | 17:00
Updated-22 Feb, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Failover Cluster Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_server_2022_23h2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-48809
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.05% / 77.97%
||
7 Day CHG+0.28%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Kernel Mode Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025
CWE ID-CWE-1037
Processor Optimization Removal or Modification of Security-critical Code
CVE-2023-28723
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 26.46%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIntel CorporationMicrosoft Corporation
Product-windowslinux_kernelaptio_v_uefi_firmware_integrator_toolsIntel(R) Aptio* V UEFI Firmware Integrator Tools
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1293
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.22% / 79.43%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-21321
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.37%
||
7 Day CHG+0.04%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_server_2016windows_10_1607windows_10_22h2windows_server_2025windows_10_1809windows_11_22h2windows_11_24h2windows_11_23h2windows_server_2012windows_server_2022windows_10_21h2windows_server_2022_23h2windows_10_1507Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-1345
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-5.33% / 90.27%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1370
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 71.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-open_enclave_software_development_kitOpen Enclave SDK
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-28266
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.28% / 85.04%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Information Disclosure Vulnerability

Windows Common Log File System Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-126
Buffer Over-read
CVE-2023-28263
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.85% / 75.29%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Information Disclosure Vulnerability

Visual Studio Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2022Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.5Microsoft Visual Studio 2022 version 17.0Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.4
CWE ID-CWE-170
Improper Null Termination
CVE-2023-28271
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.82% / 74.73%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-28253
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.85% / 75.29%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022Windows 11 version 21H2Windows 10 Version 1507Windows Server 2012Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2019Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CVE-2019-1334
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.86% / 83.47%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1363
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.86% / 83.47%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008WindowsWindows Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-28404
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.8||LOW
EPSS-0.09% / 25.79%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-3893
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 66.25%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1344
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-5.46% / 90.39%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1369
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.73% / 73.25%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-open_enclave_software_development_kitOpen Enclave SDK
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1381
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.06% / 78.04%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1337
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.14% / 78.84%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:28
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-31960
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 61.22%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bind Filter Driver Information Disclosure Vulnerability

Windows Bind Filter Driver Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 21H1Windows Server version 20H2Windows 10 Version 20H2
CVE-2021-31184
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.39% / 85.36%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-31174
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 66.45%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverofficeexceloffice_web_apps_server365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Office 2016Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31955
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-3.61% / 88.05%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-30 Oct, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Windows Kernel Information Disclosure Vulnerability

Windows Kernel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1909windows_10_21h1windows_server_2004windows_10_1809windows_server_2019windows_10_2004windows_server_20h2windows_10_20h2Windows Server 2019Windows 10 Version 2004Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Windows Server version 2004Windows
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2021-29904
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 6.30%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-1254
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.59% / 69.66%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2019-1227
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.04% / 77.80%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10windows_server_2019Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1219
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.22% / 79.43%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1251
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.86% / 83.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 23
  • 24
  • Next
Details not found