# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-29121 |
400 |
|
DoS |
2022-05-10 |
2022-05-25 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
Windows WLAN AutoConfig Service Denial of Service Vulnerability. |
2 |
CVE-2022-26935 |
668 |
|
|
2022-05-10 |
2022-05-19 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Windows WLAN AutoConfig Service Information Disclosure Vulnerability. |
3 |
CVE-2022-21997 |
269 |
|
|
2022-02-09 |
2022-05-23 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718. |
4 |
CVE-2022-21900 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
3.8 |
None |
Local Network |
Medium |
??? |
None |
Partial |
Partial |
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905. |
5 |
CVE-2021-42288 |
863 |
|
Bypass |
2021-11-10 |
2021-11-16 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
Windows Hello Security Feature Bypass Vulnerability |
6 |
CVE-2021-41361 |
|
|
|
2021-10-13 |
2021-10-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Active Directory Federation Server Spoofing Vulnerability |
7 |
CVE-2021-36961 |
|
|
DoS |
2021-09-15 |
2021-09-24 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
Windows Installer Denial of Service Vulnerability |
8 |
CVE-2021-31961 |
269 |
|
|
2021-07-14 |
2021-09-20 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
Windows InstallService Elevation of Privilege Vulnerability |
9 |
CVE-2021-28326 |
|
|
DoS |
2021-04-13 |
2021-06-04 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
Windows AppX Deployment Server Denial of Service Vulnerability |
10 |
CVE-2021-26886 |
|
|
DoS |
2021-03-11 |
2021-03-23 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
User Profile Service Denial of Service Vulnerability |
11 |
CVE-2021-26866 |
59 |
|
|
2021-03-11 |
2022-05-03 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
Windows Update Service Elevation of Privilege Vulnerability |
12 |
CVE-2021-1708 |
|
|
|
2021-01-12 |
2021-01-20 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
Windows GDI+ Information Disclosure Vulnerability |
13 |
CVE-2020-1405 |
269 |
|
|
2020-07-14 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372. |
14 |
CVE-2020-1364 |
20 |
|
DoS |
2020-07-14 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'. |
15 |
CVE-2020-1333 |
269 |
|
|
2020-07-14 |
2021-07-21 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'. |
16 |
CVE-2020-1204 |
269 |
|
|
2020-06-09 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. |
17 |
CVE-2020-0942 |
269 |
|
|
2020-04-15 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944, CVE-2020-1029. |
18 |
CVE-2020-0936 |
269 |
|
|
2020-04-15 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'. |
19 |
CVE-2020-0854 |
269 |
|
|
2020-03-12 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. |
20 |
CVE-2020-0785 |
269 |
|
|
2020-03-12 |
2020-03-18 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. |
21 |
CVE-2020-0730 |
59 |
|
|
2020-02-11 |
2020-02-14 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. |
22 |
CVE-2019-1454 |
269 |
|
|
2020-01-24 |
2020-01-27 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. |
23 |
CVE-2019-1289 |
863 |
|
|
2019-09-11 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. |
24 |
CVE-2019-1273 |
79 |
|
XSS |
2019-09-11 |
2019-09-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. |
25 |
CVE-2019-1270 |
269 |
|
|
2019-09-11 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. |
26 |
CVE-2019-0986 |
59 |
|
|
2019-06-12 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. |
27 |
CVE-2018-8547 |
79 |
|
XSS |
2018-11-14 |
2018-12-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |