Vendor CVEs
Microsoft
All CVEs
14,324 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1319 | Hig | 0.48 | 7.3 | 0.05 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,… | ||
| CVE-2020-1198 | Hig | 0.48 | 7.4 | 0.03 | Sep 11, 2020 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-1571 | Hig | 0.48 | 7.3 | 0.01 | Aug 17, 2020 | An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs;… | ||
| CVE-2020-1557 | Hig | 0.48 | 7.3 | 0.04 | Aug 17, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… | ||
| CVE-2020-1182 | Hig | 0.48 | 7.3 | 0.03 | Aug 17, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An… | ||
| CVE-2019-1439 | Med | 0.48 | 6.5 | 0.76 | Nov 12, 2019 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | ||
| CVE-2019-1317 | Hig | 0.48 | 7.3 | 0.01 | Oct 10, 2019 | A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | ||
| CVE-2019-1211 | Hig | 0.48 | 7.3 | 0.02 | Aug 14, 2019 | An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated… | ||
| CVE-2019-1185 | Hig | 0.48 | 7.3 | 0.01 | Aug 14, 2019 | An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could… | ||
| CVE-2019-0856 | Hig | 0.48 | 7.2 | 0.18 | Apr 9, 2019 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | ||
| CVE-2017-8494 | Hig | 0.48 | 7.3 | 0.02 | Jun 15, 2017 | Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of… | ||
| CVE-2017-8460 | Hig | 0.48 | 7.3 | 0.03 | Jun 15, 2017 | Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability". | ||
| CVE-2017-0298 | Hig | 0.48 | 7.3 | 0.02 | Jun 15, 2017 | A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an… | ||
| CVE-2017-0249 | Hig | 0.48 | 7.3 | 0.04 | May 12, 2017 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | ||
| CVE-2017-0063 | Med | 0.48 | 6.5 | 0.35 | Mar 17, 2017 | The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote… | ||
| CVE-2017-0059 | Med | 0.48 | 4.3 | 0.62 | KEV | Mar 17, 2017 | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and… | |
| CVE-2016-7291 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a… | ||
| CVE-2016-7290 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a… | ||
| CVE-2016-7276 | Hig | 0.48 | 7.1 | 0.25 | Dec 20, 2016 | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office… | ||
| CVE-2016-7268 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory… | ||
| CVE-2016-7265 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive… | ||
| CVE-2016-7264 | Hig | 0.48 | 7.1 | 0.23 | Dec 20, 2016 | Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft… | ||
| CVE-2016-7211 | Hig | 0.48 | 7.3 | 0.03 | Oct 14, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka… | ||
| CVE-2016-3386 | Hig | 0.48 | 7.5 | 0.41 | Oct 14, 2016 | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389,… | ||
| CVE-2016-3286 | Hig | 0.48 | 7.3 | 0.03 | Jul 13, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k… | ||
| CVE-2016-3252 | Hig | 0.48 | 7.3 | 0.04 | Jul 13, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k… | ||
| CVE-2016-3250 | Hig | 0.48 | 7.3 | 0.03 | Jul 13, 2016 | The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||
| CVE-2016-3249 | Hig | 0.48 | 7.3 | 0.03 | Jul 13, 2016 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k… | ||
| CVE-2016-4158 | Hig | 0.48 | 7.3 | 0.03 | Jun 16, 2016 | Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | ||
| CVE-2016-0161 | Med | 0.48 | 6.5 | 0.69 | Apr 12, 2016 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158. | ||
| CVE-2016-0120 | Med | 0.48 | 6.5 | 0.39 | Mar 9, 2016 | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a… | ||
| CVE-2013-1292 | Hig | 0.48 | 7.4 | 0.01 | Apr 9, 2013 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages… | ||
| CVE-2013-1278 | Hig | 0.48 | 7.4 | 0.01 | Feb 13, 2013 | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted… | ||
| CVE-2011-2016 | Hig | 0.48 | 7.3 | 0.08 | Nov 8, 2011 | Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as… | ||
| CVE-2010-3957 | Hig | 0.48 | 7.3 | 0.02 | Dec 16, 2010 | Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka… | ||
| CVE-2026-47634 | Hig | 0.47 | 7.3 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-45481 | Hig | 0.47 | 7.3 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2026-35433 | Hig | 0.47 | 7.3 | 0.01 | May 12, 2026 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-32202 | Med | 0.47 | 4.3 | 0.64 | KEV | Apr 14, 2026 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-32149 | Hig | 0.47 | 7.3 | 0.00 | Apr 14, 2026 | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. | ||
| CVE-2026-20803 | Hig | 0.47 | 7.2 | 0.01 | Jan 13, 2026 | Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-64676 | Hig | 0.47 | 7.2 | 0.01 | Dec 18, 2025 | '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | ||
| CVE-2025-62565 | Hig | 0.47 | 7.3 | 0.01 | Dec 9, 2025 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-59504 | Hig | 0.47 | 7.3 | 0.00 | Nov 11, 2025 | Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59273 | Hig | 0.47 | 7.3 | 0.00 | Oct 23, 2025 | Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-55240 | Hig | 0.47 | 7.3 | 0.00 | Oct 14, 2025 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-25004 | Hig | 0.47 | 7.3 | 0.00 | Oct 14, 2025 | Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-55322 | Hig | 0.47 | 7.3 | 0.00 | Sep 24, 2025 | Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-55236 | Hig | 0.47 | 7.3 | 0.00 | Sep 9, 2025 | Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | ||
| CVE-2025-54911 | Hig | 0.47 | 7.3 | 0.01 | Sep 9, 2025 | Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. |
- risk 0.48cvss 7.3epss 0.05
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…
- risk 0.48cvss 7.4epss 0.03
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.48cvss 7.3epss 0.01
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs;…
- risk 0.48cvss 7.3epss 0.04
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
- risk 0.48cvss 7.3epss 0.03
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An…
- risk 0.48cvss 6.5epss 0.76
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
- risk 0.48cvss 7.3epss 0.01
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
- risk 0.48cvss 7.3epss 0.02
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated…
- risk 0.48cvss 7.3epss 0.01
An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…
- risk 0.48cvss 7.2epss 0.18
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
- risk 0.48cvss 7.3epss 0.02
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of…
- risk 0.48cvss 7.3epss 0.03
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".
- risk 0.48cvss 7.3epss 0.02
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an…
- risk 0.48cvss 7.3epss 0.04
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- risk 0.48cvss 6.5epss 0.35
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote…
- risk 0.48cvss 4.3epss 0.62
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and…
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…
- risk 0.48cvss 7.1epss 0.25
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office…
- risk 0.48cvss 7.1epss 0.23
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory…
- risk 0.48cvss 7.1epss 0.23
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive…
- risk 0.48cvss 7.1epss 0.23
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft…
- risk 0.48cvss 7.3epss 0.03
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka…
- risk 0.48cvss 7.5epss 0.41
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389,…
- risk 0.48cvss 7.3epss 0.03
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…
- risk 0.48cvss 7.3epss 0.04
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…
- risk 0.48cvss 7.3epss 0.03
The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
- risk 0.48cvss 7.3epss 0.03
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…
- risk 0.48cvss 7.3epss 0.03
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
- risk 0.48cvss 6.5epss 0.69
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
- risk 0.48cvss 6.5epss 0.39
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a…
- risk 0.48cvss 7.4epss 0.01
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages…
- risk 0.48cvss 7.4epss 0.01
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted…
- risk 0.48cvss 7.3epss 0.08
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as…
- risk 0.48cvss 7.3epss 0.02
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka…
- risk 0.47cvss 7.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.3epss 0.01
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
- risk 0.47cvss 4.3epss 0.64
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.3epss 0.00
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
- risk 0.47cvss 7.2epss 0.01
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
- risk 0.47cvss 7.2epss 0.01
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
- risk 0.47cvss 7.3epss 0.01
Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.00
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
- risk 0.47cvss 7.3epss 0.00
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
- risk 0.47cvss 7.3epss 0.00
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.00
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
- risk 0.47cvss 7.3epss 0.00
Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
- risk 0.47cvss 7.3epss 0.00
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
- risk 0.47cvss 7.3epss 0.01
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
Page 127 of 287