Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_rt_8\.1
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2019 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-14 | CVE-2019-1180 | An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory. | Windows_10, Windows_8\.1, Windows_rt_8\.1, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.0 | ||
| 2019-08-14 | CVE-2019-1181 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 9.8 | ||
| 2019-08-14 | CVE-2019-1182 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 9.8 | ||
| 2019-08-14 | CVE-2019-1187 | A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 5.5 | ||
| 2019-08-14 | CVE-2019-1212 | A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 9.8 | ||
| 2019-09-03 | CVE-2019-1125 | An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization_host | 5.6 | ||
| 2020-09-11 | CVE-2020-0648 | <p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p> <p>The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory.</p> | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.8 | ||
| 2020-09-11 | CVE-2020-0782 | <p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.8 | ||
| 2020-09-11 | CVE-2020-0790 | <p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p> <p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.8 | ||
| 2020-09-11 | CVE-2020-0838 | <p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how NTFS checks access.</p> | Windows_10, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.8 |