Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43474 | Hig | 0.50 | 7.6 | 0.01 | Sep 10, 2024 | Microsoft SQL Server Information Disclosure Vulnerability | ||
| CVE-2024-43464 | Hig | 0.50 | 7.2 | 0.36 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-43458 | Hig | 0.50 | 7.7 | 0.02 | Sep 10, 2024 | Windows Networking Information Disclosure Vulnerability | ||
| CVE-2024-38024 | Hig | 0.50 | 7.2 | 0.45 | Jul 9, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-35267 | Hig | 0.50 | 7.6 | 0.02 | Jul 9, 2024 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2024-35266 | Hig | 0.50 | 7.6 | 0.02 | Jul 9, 2024 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2024-21328 | Hig | 0.50 | 7.6 | 0.01 | Feb 13, 2024 | Dynamics 365 Sales Spoofing Vulnerability | ||
| CVE-2024-21327 | Hig | 0.50 | 7.6 | 0.01 | Feb 13, 2024 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | ||
| CVE-2023-36049 | Hig | 0.50 | 7.6 | 0.13 | Nov 14, 2023 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2023-38162 | Hig | 0.50 | 7.5 | 0.10 | Sep 12, 2023 | DHCP Server Service Denial of Service Vulnerability | ||
| CVE-2023-21752 | Hig | 0.50 | 7.1 | 0.05 | Jan 10, 2023 | Windows Backup Service Elevation of Privilege Vulnerability | ||
| CVE-2022-37998 | Hig | 0.50 | 7.7 | 0.03 | Oct 11, 2022 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | ||
| CVE-2022-37973 | Hig | 0.50 | 7.7 | 0.03 | Oct 11, 2022 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | ||
| CVE-2022-38012 | Hig | 0.50 | 7.7 | 0.01 | Sep 13, 2022 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2022-23263 | Hig | 0.50 | 7.7 | 0.01 | Feb 7, 2022 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2022-21891 | Hig | 0.50 | 7.6 | 0.02 | Jan 11, 2022 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | ||
| CVE-2021-41349 | Med | 0.50 | 6.5 | 0.94 | Nov 10, 2021 | Microsoft Exchange Server Spoofing Vulnerability | ||
| CVE-2021-40484 | Hig | 0.50 | 7.6 | 0.01 | Oct 13, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-40483 | Hig | 0.50 | 7.6 | 0.01 | Oct 13, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-40463 | Hig | 0.50 | 7.7 | 0.02 | Oct 13, 2021 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2021-38650 | Hig | 0.50 | 7.6 | 0.01 | Sep 15, 2021 | Microsoft Office Spoofing Vulnerability | ||
| CVE-2021-36940 | Hig | 0.50 | 7.6 | 0.04 | Aug 12, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-26429 | Hig | 0.50 | 7.7 | 0.00 | Aug 12, 2021 | Azure Sphere Elevation of Privilege Vulnerability | ||
| CVE-2021-33758 | Hig | 0.50 | 7.7 | 0.03 | Jul 14, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-31984 | Hig | 0.50 | 7.6 | 0.02 | Jul 14, 2021 | Power BI Remote Code Execution Vulnerability | ||
| CVE-2021-31206 | Hig | 0.50 | 7.6 | 0.10 | Jul 14, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-31964 | Hig | 0.50 | 7.6 | 0.02 | Jun 8, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-31948 | Hig | 0.50 | 7.6 | 0.01 | Jun 8, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-28478 | Hig | 0.50 | 7.6 | 0.02 | May 11, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-26416 | Hig | 0.50 | 7.7 | 0.04 | Apr 13, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-26859 | Hig | 0.50 | 7.7 | 0.03 | Mar 11, 2021 | Microsoft Power BI Information Disclosure Vulnerability | ||
| CVE-2021-1692 | Hig | 0.50 | 7.7 | 0.04 | Jan 12, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1691 | Hig | 0.50 | 7.7 | 0.04 | Jan 12, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-1638 | Hig | 0.50 | 7.7 | 0.01 | Jan 12, 2021 | Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that… | ||
| CVE-2020-17096 | Hig | 0.50 | 7.5 | 0.19 | Dec 10, 2020 | Windows NTFS Remote Code Execution Vulnerability | ||
| CVE-2020-16997 | Hig | 0.50 | 7.7 | 0.04 | Nov 11, 2020 | Remote Desktop Protocol Server Information Disclosure Vulnerability | ||
| CVE-2020-16899 | Hig | 0.50 | 7.5 | 0.13 | Oct 16, 2020 | A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an… | ||
| CVE-2020-16896 | Hig | 0.50 | 7.5 | 0.10 | Oct 16, 2020 | An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further… | ||
| CVE-2020-16894 | Hig | 0.50 | 7.7 | 0.05 | Oct 16, 2020 | A denial of service vulnerability exists when Windows Network Address Translation (NAT) on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server… | ||
| CVE-2020-1593 | Hig | 0.50 | 7.6 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-1508 | Hig | 0.50 | 7.6 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-16872 | Hig | 0.50 | 7.6 | 0.02 | Sep 11, 2020 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-1403 | Hig | 0.50 | 7.5 | 0.10 | Jul 14, 2020 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | ||
| CVE-2020-1219 | Hig | 0.50 | 7.5 | 0.19 | Jun 9, 2020 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | ||
| CVE-2020-1206 | Hig | 0.50 | 7.5 | 0.10 | Jun 9, 2020 | An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'. | ||
| CVE-2020-1118 | Hig | 0.50 | 7.5 | 0.16 | May 21, 2020 | A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | ||
| CVE-2020-1108 | Hig | 0.50 | 7.5 | 0.12 | May 21, 2020 | A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | ||
| CVE-2020-1062 | Hig | 0.50 | 7.5 | 0.14 | May 21, 2020 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092. | ||
| CVE-2020-0827 | Hig | 0.50 | 7.5 | 0.13 | Mar 12, 2020 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828,… | ||
| CVE-2020-0825 | Hig | 0.50 | 7.5 | 0.13 | Mar 12, 2020 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828,… |
- risk 0.50cvss 7.6epss 0.01
Microsoft SQL Server Information Disclosure Vulnerability
- risk 0.50cvss 7.2epss 0.36
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.50cvss 7.7epss 0.02
Windows Networking Information Disclosure Vulnerability
- risk 0.50cvss 7.2epss 0.45
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.50cvss 7.6epss 0.02
Azure DevOps Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.02
Azure DevOps Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Dynamics 365 Sales Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
- risk 0.50cvss 7.6epss 0.13
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
- risk 0.50cvss 7.5epss 0.10
DHCP Server Service Denial of Service Vulnerability
- risk 0.50cvss 7.1epss 0.05
Windows Backup Service Elevation of Privilege Vulnerability
- risk 0.50cvss 7.7epss 0.03
Windows Local Session Manager (LSM) Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.03
Windows Local Session Manager (LSM) Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.50cvss 7.7epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.50cvss 7.6epss 0.02
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
- risk 0.50cvss 6.5epss 0.94
Microsoft Exchange Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.7epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft Office Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.04
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.7epss 0.00
Azure Sphere Elevation of Privilege Vulnerability
- risk 0.50cvss 7.7epss 0.03
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.6epss 0.02
Power BI Remote Code Execution Vulnerability
- risk 0.50cvss 7.6epss 0.10
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.50cvss 7.6epss 0.02
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.02
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.03
Microsoft Power BI Information Disclosure Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.04
Windows Hyper-V Denial of Service Vulnerability
- risk 0.50cvss 7.7epss 0.01
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that…
- risk 0.50cvss 7.5epss 0.19
Windows NTFS Remote Code Execution Vulnerability
- risk 0.50cvss 7.7epss 0.04
Remote Desktop Protocol Server Information Disclosure Vulnerability
- risk 0.50cvss 7.5epss 0.13
A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could cause a target system to stop responding. To exploit this vulnerability, an…
- risk 0.50cvss 7.5epss 0.10
An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further…
- risk 0.50cvss 7.7epss 0.05
A denial of service vulnerability exists when Windows Network Address Translation (NAT) on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server…
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…
- risk 0.50cvss 7.6epss 0.02
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.50cvss 7.5epss 0.10
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
- risk 0.50cvss 7.5epss 0.19
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
- risk 0.50cvss 7.5epss 0.10
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
- risk 0.50cvss 7.5epss 0.16
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'.
- risk 0.50cvss 7.5epss 0.12
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
- risk 0.50cvss 7.5epss 0.14
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.
- risk 0.50cvss 7.5epss 0.13
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828,…
- risk 0.50cvss 7.5epss 0.13
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828,…
Page 104 of 287