Vulnerabilities > Microsoft > Windows 10 > Low

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2020-24588 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.
3.5
2019-12-10 CVE-2019-1488 Unspecified vulnerability in Microsoft products
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.
local
low complexity
microsoft
3.3
2019-11-12 CVE-2019-1418 Information Exposure vulnerability in Microsoft products
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
3.3
2018-10-10 CVE-2018-8481 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
high complexity
microsoft
3.1
2018-10-10 CVE-2018-8482 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
high complexity
microsoft
3.1
2018-09-13 CVE-2018-8449 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-367
3.3
2018-04-12 CVE-2018-0966 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-367
3.3
2018-03-14 CVE-2018-0878 XXE vulnerability in Microsoft products
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-611
3.1
2017-11-15 CVE-2017-11850 Information Exposure vulnerability in Microsoft products
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
local
high complexity
microsoft CWE-200
2.5
2017-09-13 CVE-2017-8676 Information Exposure vulnerability in Microsoft products
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
3.3