Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34507 | Med | 0.42 | 6.5 | 0.03 | Jul 14, 2021 | Windows Remote Assistance Information Disclosure Vulnerability | ||
| CVE-2021-34499 | Med | 0.42 | 6.5 | 0.03 | Jul 14, 2021 | Windows DNS Server Denial of Service Vulnerability | ||
| CVE-2021-33783 | Med | 0.42 | 6.5 | 0.03 | Jul 14, 2021 | Windows SMB Information Disclosure Vulnerability | ||
| CVE-2021-33745 | Med | 0.42 | 6.5 | 0.03 | Jul 14, 2021 | Windows DNS Server Denial of Service Vulnerability | ||
| CVE-2021-31959 | Med | 0.42 | 6.4 | 0.09 | Jun 8, 2021 | Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2021-31209 | Med | 0.42 | 6.5 | 0.03 | May 11, 2021 | Microsoft Exchange Server Spoofing Vulnerability | ||
| CVE-2021-31205 | Med | 0.42 | 6.5 | 0.03 | May 11, 2021 | Windows SMB Client Security Feature Bypass Vulnerability | ||
| CVE-2021-26421 | Med | 0.42 | 6.5 | 0.01 | May 11, 2021 | Skype for Business and Lync Spoofing Vulnerability | ||
| CVE-2021-28441 | Med | 0.42 | 6.5 | 0.01 | Apr 13, 2021 | Windows Hyper-V Information Disclosure Vulnerability | ||
| CVE-2021-28328 | Med | 0.42 | 6.5 | 0.02 | Apr 13, 2021 | Windows DNS Information Disclosure Vulnerability | ||
| CVE-2021-28311 | Med | 0.42 | 6.5 | 0.03 | Apr 13, 2021 | Windows Application Compatibility Cache Denial of Service Vulnerability | ||
| CVE-2021-27067 | Med | 0.42 | 6.5 | 0.03 | Apr 13, 2021 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | ||
| CVE-2021-24101 | Med | 0.42 | 6.5 | 0.03 | Feb 25, 2021 | Microsoft Dataverse Information Disclosure Vulnerability | ||
| CVE-2021-24099 | Med | 0.42 | 6.5 | 0.03 | Feb 25, 2021 | Skype for Business and Lync Denial of Service Vulnerability | ||
| CVE-2021-24080 | Med | 0.42 | 6.5 | 0.03 | Feb 25, 2021 | Windows Trust Verification API Denial of Service Vulnerability | ||
| CVE-2021-24073 | Med | 0.42 | 6.5 | 0.02 | Feb 25, 2021 | Skype for Business and Lync Spoofing Vulnerability | ||
| CVE-2020-17135 | Med | 0.42 | 6.4 | 0.01 | Dec 10, 2020 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2020-17130 | Med | 0.42 | 6.5 | 0.02 | Dec 10, 2020 | Microsoft Excel Security Feature Bypass Vulnerability | ||
| CVE-2020-16996 | Med | 0.42 | 6.5 | 0.03 | Dec 10, 2020 | Kerberos Security Feature Bypass Vulnerability | ||
| CVE-2020-17040 | Med | 0.42 | 6.5 | 0.03 | Nov 11, 2020 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2020-16943 | Med | 0.42 | 6.5 | 0.01 | Oct 16, 2020 | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. An unauthenticated attacker who successfully exploited this vulnerability could update data without proper authorization. To exploit the vulnerability, an attacker would need to send a… | ||
| CVE-2020-0904 | Med | 0.42 | 6.5 | 0.01 | Sep 11, 2020 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest… | ||
| CVE-2020-0890 | Med | 0.42 | 6.5 | 0.03 | Sep 11, 2020 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest… | ||
| CVE-2020-1329 | Med | 0.42 | 6.5 | 0.03 | Jun 9, 2020 | A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. | ||
| CVE-2020-1103 | Med | 0.42 | 6.5 | 0.03 | May 21, 2020 | An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint… | ||
| CVE-2020-1065 | Hig | 0.42 | 7.5 | 0.08 | May 21, 2020 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | ||
| CVE-2020-1037 | Hig | 0.42 | 7.5 | 0.08 | May 21, 2020 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | ||
| CVE-2019-4732 | Med | 0.42 | 6.5 | 0.01 | Feb 3, 2020 | IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows… | ||
| CVE-2018-8654 | Med | 0.42 | 6.5 | 0.02 | Jan 24, 2020 | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1428 | Hig | 0.42 | 7.5 | 0.09 | Nov 12, 2019 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. | ||
| CVE-2019-1427 | Hig | 0.42 | 7.5 | 0.09 | Nov 12, 2019 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429. | ||
| CVE-2019-1425 | Med | 0.42 | 6.5 | 0.03 | Nov 12, 2019 | An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1330 | Med | 0.42 | 6.5 | 0.02 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329. | ||
| CVE-2019-1238 | Med | 0.42 | 6.4 | 0.05 | Oct 10, 2019 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. | ||
| CVE-2019-1300 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,… | ||
| CVE-2019-1298 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,… | ||
| CVE-2019-1260 | Med | 0.42 | 6.5 | 0.03 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1237 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298,… | ||
| CVE-2019-1217 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298,… | ||
| CVE-2019-1138 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298,… | ||
| CVE-2019-1198 | Med | 0.42 | 6.5 | 0.02 | Aug 14, 2019 | An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the… | ||
| CVE-2019-1193 | Med | 0.42 | 6.4 | 0.03 | Aug 14, 2019 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully… | ||
| CVE-2019-1107 | Hig | 0.42 | 7.5 | 0.09 | Jul 15, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103,… | ||
| CVE-2019-1106 | Hig | 0.42 | 7.5 | 0.09 | Jul 15, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103,… | ||
| CVE-2019-1103 | Hig | 0.42 | 7.5 | 0.09 | Jul 15, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106,… | ||
| CVE-2019-1092 | Hig | 0.42 | 7.5 | 0.09 | Jul 15, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106,… | ||
| CVE-2019-1062 | Hig | 0.42 | 7.5 | 0.09 | Jul 15, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106,… | ||
| CVE-2019-1043 | Med | 0.42 | 6.4 | 0.03 | Jun 12, 2019 | A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the… | ||
| CVE-2019-0996 | Med | 0.42 | 6.5 | 0.02 | Jun 12, 2019 | A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application… | ||
| CVE-2019-0937 | Hig | 0.42 | 7.5 | 0.09 | May 16, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914,… |
- risk 0.42cvss 6.5epss 0.03
Windows Remote Assistance Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows DNS Server Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows SMB Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows DNS Server Denial of Service Vulnerability
- risk 0.42cvss 6.4epss 0.09
Scripting Engine Memory Corruption Vulnerability
- risk 0.42cvss 6.5epss 0.03
Microsoft Exchange Server Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows SMB Client Security Feature Bypass Vulnerability
- risk 0.42cvss 6.5epss 0.01
Skype for Business and Lync Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.01
Windows Hyper-V Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.02
Windows DNS Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows Application Compatibility Cache Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.03
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.03
Microsoft Dataverse Information Disclosure Vulnerability
- risk 0.42cvss 6.5epss 0.03
Skype for Business and Lync Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows Trust Verification API Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.02
Skype for Business and Lync Spoofing Vulnerability
- risk 0.42cvss 6.4epss 0.01
Azure DevOps Server Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.02
Microsoft Excel Security Feature Bypass Vulnerability
- risk 0.42cvss 6.5epss 0.03
Kerberos Security Feature Bypass Vulnerability
- risk 0.42cvss 6.5epss 0.03
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.42cvss 6.5epss 0.01
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. An unauthenticated attacker who successfully exploited this vulnerability could update data without proper authorization. To exploit the vulnerability, an attacker would need to send a…
- risk 0.42cvss 6.5epss 0.01
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest…
- risk 0.42cvss 6.5epss 0.03
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest…
- risk 0.42cvss 6.5epss 0.03
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'.
- risk 0.42cvss 6.5epss 0.03
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint…
- risk 0.42cvss 7.5epss 0.08
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.
- risk 0.42cvss 7.5epss 0.08
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
- risk 0.42cvss 6.5epss 0.01
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows…
- risk 0.42cvss 6.5epss 0.02
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429.
- risk 0.42cvss 6.5epss 0.03
An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.
- risk 0.42cvss 6.5epss 0.02
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
- risk 0.42cvss 6.4epss 0.05
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,…
- risk 0.42cvss 6.5epss 0.03
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298,…
- risk 0.42cvss 6.5epss 0.02
An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the…
- risk 0.42cvss 6.4epss 0.03
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106,…
- risk 0.42cvss 6.4epss 0.03
A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the…
- risk 0.42cvss 6.5epss 0.02
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914,…
Page 157 of 287