VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2016-0197HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.01

    dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to…

  • CVE-2016-0196HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.02

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-0180HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted…

  • CVE-2016-0176HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.02

    dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted…

  • CVE-2016-0174HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.02

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-0152HigMay 11, 2016
    risk 0.51cvss 7.8epss 0.04

    Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."

  • CVE-2016-0150HigApr 12, 2016
    risk 0.51cvss 7.5epss 0.29

    HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability."

  • CVE-2016-0096HigMar 9, 2016
    risk 0.51cvss 7.8epss 0.02

    The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-0095HigMar 9, 2016
    risk 0.51cvss 7.8epss 0.04

    The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-0087HigMar 9, 2016
    risk 0.51cvss 7.8epss 0.02

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

  • CVE-2016-0057HigMar 9, 2016
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability."

  • CVE-2016-0048HigFeb 10, 2016
    risk 0.51cvss 7.8epss 0.02

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…

  • CVE-2016-0042HigFeb 10, 2016
    risk 0.51cvss 7.8epss 0.06

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows…

  • CVE-2016-0037HigFeb 10, 2016
    risk 0.51cvss 7.5epss 0.26

    The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial…

  • CVE-2016-0020HigJan 13, 2016
    risk 0.51cvss 7.8epss 0.02

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability."

  • CVE-2016-0014HigJan 13, 2016
    risk 0.51cvss 7.8epss 0.02

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted…

  • CVE-2016-0006HigJan 13, 2016
    risk 0.51cvss 7.3epss 0.04

    The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to…

  • CVE-2016-0002HigJan 13, 2016
    risk 0.51cvss 7.5epss 0.24

    The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

  • CVE-2013-3900MedKEVDec 11, 2013
    risk 0.51cvss 5.5epss 0.45

    Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows…

  • CVE-2013-1342HigSep 11, 2013
    risk 0.51cvss 7.8epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted…

  • CVE-2013-0029HigFeb 13, 2013
    risk 0.51cvss 7.5epss 0.30

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."

  • CVE-2012-0180HigMay 9, 2012
    risk 0.51cvss 7.8epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode…

  • CVE-2011-1887HigJul 13, 2011
    risk 0.51cvss 7.8epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different…

  • CVE-2011-1874HigJul 13, 2011
    risk 0.51cvss 7.8epss 0.01

    Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a…

  • CVE-2011-1236HigApr 13, 2011
    risk 0.51cvss 7.8epss 0.01

    Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a…

  • CVE-2011-0676HigApr 13, 2011
    risk 0.51cvss 7.8epss 0.01

    win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers…

  • CVE-2010-3190HigAug 31, 2010
    risk 0.51cvss 7.8epss 0.09

    Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local…

  • CVE-2010-0485HigJun 8, 2010
    risk 0.51cvss 7.8epss 0.01

    The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows…

  • CVE-2009-0082HigMar 10, 2009
    risk 0.51cvss 7.8epss 0.01

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows…

  • CVE-2003-1567HigJan 15, 2009
    risk 0.51cvss 7.5epss 0.25

    The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly…

  • CVE-2008-0322HigMay 13, 2008
    risk 0.51cvss 7.8epss 0.02

    The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute…

  • CVE-2008-0087HigApr 8, 2008
    risk 0.51cvss 7.5epss 0.32

    The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

  • CVE-2002-1844HigDec 31, 2002
    risk 0.51cvss 7.8epss 0.01

    Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.

  • CVE-2002-0051HigApr 4, 2002
    risk 0.51cvss 7.8epss 0.01

    Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

  • CVE-2001-1238HigJul 16, 2001
    risk 0.51cvss 7.8epss 0.01

    Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the…

  • CVE-2026-45497HigJun 4, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

  • CVE-2026-26147HigMay 22, 2026
    risk 0.50cvss 7.7epss 0.01

    Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

  • CVE-2026-42832HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-33821HigMay 12, 2026
    risk 0.50cvss 7.7epss 0.01

    Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-27913HigApr 14, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2025-59500HigOct 23, 2025
    risk 0.50cvss 7.7epss 0.01

    Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-59200HigOct 14, 2025
    risk 0.50cvss 7.7epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

  • CVE-2025-55698HigOct 14, 2025
    risk 0.50cvss 7.7epss 0.01

    Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.

  • CVE-2025-53139HigOct 14, 2025
    risk 0.50cvss 7.7epss 0.00

    Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2025-53781HigAug 12, 2025
    risk 0.50cvss 7.7epss 0.01

    Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.

  • CVE-2025-53722HigAug 12, 2025
    risk 0.50cvss 7.5epss 0.17

    Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

  • CVE-2025-49719HigJul 8, 2025
    risk 0.50cvss 7.5epss 0.10

    Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-47984HigJul 8, 2025
    risk 0.50cvss 7.5epss 0.14

    Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-29833HigMay 13, 2025
    risk 0.50cvss 7.7epss 0.00

    Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

  • CVE-2024-43584HigOct 8, 2024
    risk 0.50cvss 7.7epss 0.01

    Windows Scripting Engine Security Feature Bypass Vulnerability

Page 103 of 287