Vulnerabilities > Microsoft > Windows 10 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16949 | Memory Leak vulnerability in Microsoft products <p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. | 4.7 |
| 2020-10-16 | CVE-2020-16938 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. | 5.5 |
| 2020-10-16 | CVE-2020-16922 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. | 5.3 |
| 2020-10-16 | CVE-2020-16921 | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. | 5.5 |
| 2020-10-16 | CVE-2020-16919 | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations. | 5.5 |
| 2020-10-16 | CVE-2020-16914 | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. | 5.5 |
| 2020-10-16 | CVE-2020-16910 | Improper Preservation of Permissions vulnerability in Microsoft products <p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p> | 6.2 |
| 2020-10-16 | CVE-2020-16905 | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. | 6.8 |
| 2020-10-16 | CVE-2020-16901 | Improper Initialization vulnerability in Microsoft Windows 10 and Windows Server 2016 <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. | 5.0 |
| 2020-10-16 | CVE-2020-16897 | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. | 5.5 |