VYPR

Vendor CVEs

Microsoft

All CVEs

14,324 total · sorted by risk
  • CVE-2020-16851HigSep 11, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…

  • CVE-2020-0912HigSep 11, 2020
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially…

  • CVE-2020-0878MedKEVSep 11, 2020
    risk 0.46cvss 4.2epss 0.03

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully…

  • CVE-2020-1488HigAug 17, 2020
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to…

  • CVE-2020-1477HigAug 17, 2020
    risk 0.46cvss 7.0epss 0.03

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are…

  • CVE-2020-1473HigAug 17, 2020
    risk 0.46cvss 7.0epss 0.03

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2020-1461HigJul 14, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

  • CVE-2020-1405HigJul 14, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372.

  • CVE-2020-1364HigJul 14, 2020
    risk 0.46cvss 7.1epss 0.01

    A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.

  • CVE-2019-3585HigJun 10, 2020
    risk 0.46cvss 7.0epss 0.00

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with…

  • CVE-2020-1244HigJun 9, 2020
    risk 0.46cvss 7.1epss 0.03

    A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1120.

  • CVE-2020-1204HigJun 9, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

  • CVE-2020-1073HigJun 9, 2020
    risk 0.46cvss 8.1epss 0.09

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

  • CVE-2020-1002HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

  • CVE-2020-0942HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0944,…

  • CVE-2020-0936HigApr 15, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'.

  • CVE-2020-0854HigMar 12, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

  • CVE-2020-0789HigMar 12, 2020
    risk 0.46cvss 7.1epss 0.01

    A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.

  • CVE-2020-0786HigMar 12, 2020
    risk 0.46cvss 7.1epss 0.01

    A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'.

  • CVE-2020-0785HigMar 12, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

  • CVE-2020-0730HigFeb 11, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

  • CVE-2019-1416HigNov 12, 2019
    risk 0.46cvss 7.0epss 0.00

    An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

  • CVE-2019-1347MedOct 10, 2019
    risk 0.46cvss 6.5epss 0.14

    A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.

  • CVE-2019-1346MedOct 10, 2019
    risk 0.46cvss 6.5epss 0.10

    A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.

  • CVE-2019-1343MedOct 10, 2019
    risk 0.46cvss 6.5epss 0.10

    A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.

  • CVE-2019-1245MedSep 11, 2019
    risk 0.46cvss 6.5epss 0.13

    An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.

  • CVE-2019-1244MedSep 11, 2019
    risk 0.46cvss 6.5epss 0.12

    An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.

  • CVE-2019-1186HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1180HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1179HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1178HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1177HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run…

  • CVE-2019-1176HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create…

  • CVE-2019-1175HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1174HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1173HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1161HigAug 14, 2019
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could…

  • CVE-2019-1037HigJul 15, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

  • CVE-2019-1041HigJun 12, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…

  • CVE-2019-1018HigJun 12, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create…

  • CVE-2019-1017HigJun 12, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…

  • CVE-2019-1014HigJun 12, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…

  • CVE-2019-0984HigJun 12, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an…

  • CVE-2019-0960HigJun 12, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…

  • CVE-2019-0931HigMay 16, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

  • CVE-2019-0707HigMay 16, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially…

  • CVE-2019-0659HigMar 5, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

  • CVE-2019-0656HigMar 5, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

  • CVE-2019-0649HigMar 5, 2019
    risk 0.46cvss 8.1epss 0.04

    A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'.

  • CVE-2018-8333HigOct 10, 2018
    risk 0.46cvss 7.0epss 0.02

    An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

Page 139 of 287