Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0187 | Hig | 0.50 | 7.5 | 0.22 | May 11, 2016 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory… | ||
| CVE-2016-0166 | Hig | 0.50 | 7.5 | 0.16 | Apr 12, 2016 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
| CVE-2016-0164 | Hig | 0.50 | 7.5 | 0.13 | Apr 12, 2016 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
| CVE-2016-0159 | Hig | 0.50 | 7.5 | 0.16 | Apr 12, 2016 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
| CVE-2016-0157 | Hig | 0.50 | 7.5 | 0.16 | Apr 12, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156. | ||
| CVE-2016-0156 | Hig | 0.50 | 7.5 | 0.19 | Apr 12, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157. | ||
| CVE-2016-0155 | Hig | 0.50 | 7.5 | 0.10 | Apr 12, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157. | ||
| CVE-2016-0154 | Hig | 0.50 | 7.5 | 0.14 | Apr 12, 2016 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||
| CVE-2016-0130 | Hig | 0.50 | 7.5 | 0.13 | Mar 9, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and… | ||
| CVE-2016-0129 | Hig | 0.50 | 7.5 | 0.13 | Mar 9, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and… | ||
| CVE-2016-0124 | Hig | 0.50 | 7.5 | 0.13 | Mar 9, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and… | ||
| CVE-2016-0123 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and… | ||
| CVE-2016-0116 | Hig | 0.50 | 7.5 | 0.10 | Mar 9, 2016 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and… | ||
| CVE-2016-0114 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,… | ||
| CVE-2016-0113 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,… | ||
| CVE-2016-0112 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,… | ||
| CVE-2016-0110 | Hig | 0.50 | 7.5 | 0.14 | Mar 9, 2016 | Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||
| CVE-2016-0109 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102,… | ||
| CVE-2016-0107 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,… | ||
| CVE-2016-0106 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,… | ||
| CVE-2016-0105 | Hig | 0.50 | 7.5 | 0.14 | Mar 9, 2016 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than… | ||
| CVE-2016-0104 | Hig | 0.50 | 7.5 | 0.13 | Mar 9, 2016 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
| CVE-2016-0103 | Hig | 0.50 | 7.5 | 0.13 | Mar 9, 2016 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0106,… | ||
| CVE-2016-0102 | Hig | 0.50 | 7.5 | 0.17 | Mar 9, 2016 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103,… | ||
| CVE-2016-0047 | Hig | 0.50 | 7.5 | 0.21 | Feb 10, 2016 | WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability." | ||
| CVE-2016-0044 | Hig | 0.50 | 7.5 | 0.14 | Feb 10, 2016 | Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability." | ||
| CVE-2016-0033 | Hig | 0.50 | 7.5 | 0.18 | Feb 10, 2016 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of… | ||
| CVE-2010-1260 | Hig | 0.50 | 7.5 | 0.19 | Jun 8, 2010 | The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory… | ||
| CVE-2002-1745 | Hig | 0.50 | 7.5 | 0.18 | Dec 31, 2002 | Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | ||
| CVE-2001-1452 | Hig | 0.50 | 7.5 | 0.09 | Aug 31, 2001 | By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||
| CVE-2001-0334 | Hig | 0.50 | 7.5 | 0.15 | Jun 27, 2001 | FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | ||
| CVE-2000-0258 | Hig | 0.50 | 7.5 | 0.20 | Apr 12, 2000 | IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | ||
| CVE-1999-1127 | Hig | 0.50 | 7.5 | 0.18 | Dec 31, 1999 | Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | ||
| CVE-2026-49160 | Hig | 0.49 | 7.5 | 0.48 | Jun 9, 2026 | Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-48563 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-47654 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-45639 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-45583 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-44801 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-44799 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42993 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42992 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42913 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42909 | Hig | 0.49 | 7.5 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||
| CVE-2026-42908 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-40376 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2026 | Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-23663 | Hig | 0.49 | 7.5 | 0.01 | May 22, 2026 | Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-40067 | Hig | 0.49 | 7.5 | 0.00 | May 13, 2026 | When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||
| CVE-2026-40406 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2026-40405 | Hig | 0.49 | 7.5 | 0.01 | May 12, 2026 | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. |
- risk 0.50cvss 7.5epss 0.22
The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory…
- risk 0.50cvss 7.5epss 0.16
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- risk 0.50cvss 7.5epss 0.13
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- risk 0.50cvss 7.5epss 0.16
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- risk 0.50cvss 7.5epss 0.16
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.
- risk 0.50cvss 7.5epss 0.19
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157.
- risk 0.50cvss 7.5epss 0.10
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157.
- risk 0.50cvss 7.5epss 0.14
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
- risk 0.50cvss 7.5epss 0.13
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and…
- risk 0.50cvss 7.5epss 0.13
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and…
- risk 0.50cvss 7.5epss 0.13
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and…
- risk 0.50cvss 7.5epss 0.17
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and…
- risk 0.50cvss 7.5epss 0.10
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and…
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,…
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,…
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,…
- risk 0.50cvss 7.5epss 0.14
Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102,…
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,…
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,…
- risk 0.50cvss 7.5epss 0.14
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…
- risk 0.50cvss 7.5epss 0.13
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- risk 0.50cvss 7.5epss 0.13
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0106,…
- risk 0.50cvss 7.5epss 0.17
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103,…
- risk 0.50cvss 7.5epss 0.21
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
- risk 0.50cvss 7.5epss 0.14
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
- risk 0.50cvss 7.5epss 0.18
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of…
- risk 0.50cvss 7.5epss 0.19
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory…
- risk 0.50cvss 7.5epss 0.18
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
- risk 0.50cvss 7.5epss 0.09
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
- risk 0.50cvss 7.5epss 0.15
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
- risk 0.50cvss 7.5epss 0.20
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
- risk 0.50cvss 7.5epss 0.18
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
- risk 0.49cvss 7.5epss 0.48
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.00
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.00
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- risk 0.49cvss 7.5epss 0.01
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.01
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.00
When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- risk 0.49cvss 7.5epss 0.01
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
- risk 0.49cvss 7.5epss 0.01
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
Page 109 of 287