VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2016-0187HigMay 11, 2016
    risk 0.50cvss 7.5epss 0.22

    The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory…

  • CVE-2016-0166HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.16

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0164HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.13

    Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0159HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.16

    Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0157HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.16

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.

  • CVE-2016-0156HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.19

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157.

  • CVE-2016-0155HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.10

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157.

  • CVE-2016-0154HigApr 12, 2016
    risk 0.50cvss 7.5epss 0.14

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-0130HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.13

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and…

  • CVE-2016-0129HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.13

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and…

  • CVE-2016-0124HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.13

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and…

  • CVE-2016-0123HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and…

  • CVE-2016-0116HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.10

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and…

  • CVE-2016-0114HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,…

  • CVE-2016-0113HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,…

  • CVE-2016-0112HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,…

  • CVE-2016-0110HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.14

    Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-0109HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102,…

  • CVE-2016-0107HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105,…

  • CVE-2016-0106HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,…

  • CVE-2016-0105HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.14

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…

  • CVE-2016-0104HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.13

    Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0103HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.13

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0106,…

  • CVE-2016-0102HigMar 9, 2016
    risk 0.50cvss 7.5epss 0.17

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103,…

  • CVE-2016-0047HigFeb 10, 2016
    risk 0.50cvss 7.5epss 0.21

    WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."

  • CVE-2016-0044HigFeb 10, 2016
    risk 0.50cvss 7.5epss 0.14

    Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."

  • CVE-2016-0033HigFeb 10, 2016
    risk 0.50cvss 7.5epss 0.18

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of…

  • CVE-2010-1260HigJun 8, 2010
    risk 0.50cvss 7.5epss 0.19

    The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory…

  • CVE-2002-1745HigDec 31, 2002
    risk 0.50cvss 7.5epss 0.18

    Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

  • CVE-2001-1452HigAug 31, 2001
    risk 0.50cvss 7.5epss 0.09

    By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

  • CVE-2001-0334HigJun 27, 2001
    risk 0.50cvss 7.5epss 0.15

    FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

  • CVE-2000-0258HigApr 12, 2000
    risk 0.50cvss 7.5epss 0.20

    IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

  • CVE-1999-1127HigDec 31, 1999
    risk 0.50cvss 7.5epss 0.18

    Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

  • CVE-2026-49160HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.48

    Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

  • CVE-2026-48563HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47654HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45639HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-45583HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.

  • CVE-2026-44801HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-44799HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42993HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42992HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42913HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42909HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42908HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40376HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-23663HigMay 22, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-40067HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-40406HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40405HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

Page 109 of 287