Vulnerabilities > Microsoft > Windows 10 21H2 > 10.0.19041.3920

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2025-21304 Unspecified vulnerability in Microsoft products
Microsoft DWM Core Library Elevation of Privilege Vulnerability
local
low complexity
microsoft
7.8
2025-01-14 CVE-2025-21332 Unspecified vulnerability in Microsoft products
MapUrlToZone Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.8
2024-10-08 CVE-2024-30092 Unspecified vulnerability in Microsoft products
Windows Hyper-V Remote Code Execution Vulnerability
high complexity
microsoft
7.5
2024-06-11 CVE-2024-35250 Unspecified vulnerability in Microsoft products
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
local
low complexity
microsoft
7.8
2024-05-14 CVE-2024-30040 Unspecified vulnerability in Microsoft products
Windows MSHTML Platform Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.8
2024-04-09 CVE-2024-29064 Unspecified vulnerability in Microsoft products
Windows Hyper-V Denial of Service Vulnerability
local
low complexity
microsoft
5.5
2024-04-09 CVE-2024-29050 Improper Certificate Validation vulnerability in Microsoft products
Windows Cryptographic Services Remote Code Execution Vulnerability
local
low complexity
microsoft CWE-295
7.8
2023-10-18 CVE-2023-38545 Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
network
low complexity
haxx fedoraproject netapp microsoft CWE-787
critical
9.8
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-06-14 CVE-2023-29360 Unspecified vulnerability in Microsoft products
Microsoft Streaming Service Elevation of Privilege Vulnerability
local
low complexity
microsoft
8.4