Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28459 | Med | 0.40 | 6.1 | 0.02 | Apr 13, 2021 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2021-26413 | Med | 0.40 | 6.2 | 0.01 | Apr 13, 2021 | Windows Installer Spoofing Vulnerability | ||
| CVE-2021-27074 | Med | 0.40 | 6.2 | 0.01 | Mar 11, 2021 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2021-26892 | Med | 0.40 | 6.2 | 0.01 | Mar 11, 2021 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | ||
| CVE-2021-26886 | Med | 0.40 | 6.1 | 0.01 | Mar 11, 2021 | User Profile Service Denial of Service Vulnerability | ||
| CVE-2021-1724 | Med | 0.40 | 6.1 | 0.01 | Feb 25, 2021 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | ||
| CVE-2020-16990 | Med | 0.40 | 6.2 | 0.01 | Nov 11, 2020 | Azure Sphere Information Disclosure Vulnerability | ||
| CVE-2020-16986 | Med | 0.40 | 6.2 | 0.01 | Nov 11, 2020 | Azure Sphere Denial of Service Vulnerability | ||
| CVE-2020-16985 | Med | 0.40 | 6.2 | 0.02 | Nov 11, 2020 | Azure Sphere Information Disclosure Vulnerability | ||
| CVE-2020-16982 | Med | 0.40 | 6.1 | 0.01 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-16981 | Med | 0.40 | 6.1 | 0.01 | Nov 11, 2020 | Azure Sphere Elevation of Privilege Vulnerability | ||
| CVE-2020-26505 | Med | 0.40 | 6.1 | 0.01 | Nov 5, 2020 | A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker… | ||
| CVE-2020-1598 | Med | 0.40 | 6.1 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could… | ||
| CVE-2020-1506 | Med | 0.40 | 6.1 | 0.02 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-1442 | Med | 0.40 | 6.1 | 0.02 | Jul 14, 2020 | A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. | ||
| CVE-2020-1327 | Med | 0.40 | 6.1 | 0.02 | Jun 9, 2020 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | ||
| CVE-2020-1323 | Med | 0.40 | 6.1 | 0.02 | Jun 9, 2020 | An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | ||
| CVE-2020-1220 | Med | 0.40 | 6.1 | 0.02 | Jun 9, 2020 | A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | ||
| CVE-2020-1106 | Med | 0.40 | 6.1 | 0.03 | May 21, 2020 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099,… | ||
| CVE-2020-1055 | Med | 0.40 | 6.1 | 0.02 | May 21, 2020 | A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'. | ||
| CVE-2020-1050 | Med | 0.40 | 6.1 | 0.02 | Apr 15, 2020 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique… | ||
| CVE-2019-1486 | Med | 0.40 | 6.1 | 0.01 | Dec 10, 2019 | A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | ||
| CVE-2019-1470 | Med | 0.40 | 6.0 | 0.06 | Dec 10, 2019 | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | ||
| CVE-2019-1332 | Med | 0.40 | 6.1 | 0.07 | Dec 10, 2019 | A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | ||
| CVE-2019-1399 | Med | 0.40 | 6.2 | 0.02 | Nov 12, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309,… | ||
| CVE-2019-1266 | Med | 0.40 | 6.1 | 0.02 | Sep 11, 2019 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | ||
| CVE-2019-0928 | Med | 0.40 | 6.2 | 0.02 | Sep 11, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | ||
| CVE-2019-1125 | Med | 0.40 | 5.6 | 0.05 | Sep 3, 2019 | An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would… | ||
| CVE-2019-1075 | Med | 0.40 | 6.1 | 0.03 | Jul 15, 2019 | A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | ||
| CVE-2019-0874 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | ||
| CVE-2019-0871 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,… | ||
| CVE-2019-0870 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,… | ||
| CVE-2019-0869 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | ||
| CVE-2019-0868 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,… | ||
| CVE-2019-0867 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,… | ||
| CVE-2019-0866 | Med | 0.40 | 6.1 | 0.03 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867,… | ||
| CVE-2019-0858 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817. | ||
| CVE-2019-0798 | Med | 0.40 | 6.1 | 0.02 | Apr 9, 2019 | A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'. | ||
| CVE-2019-0670 | Med | 0.40 | 6.1 | 0.02 | Mar 5, 2019 | A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'. | ||
| CVE-2019-0635 | Med | 0.40 | 6.2 | 0.02 | Mar 5, 2019 | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | ||
| CVE-2018-8600 | Med | 0.40 | 6.1 | 0.02 | Nov 14, 2018 | A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App. | ||
| CVE-2018-8470 | Med | 0.40 | 6.1 | 0.03 | Sep 13, 2018 | A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | ||
| CVE-2018-8437 | Med | 0.40 | 6.2 | 0.02 | Sep 13, 2018 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10… | ||
| CVE-2018-8436 | Med | 0.40 | 6.2 | 0.02 | Sep 13, 2018 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10… | ||
| CVE-2018-8278 | Med | 0.40 | 6.1 | 0.06 | Jul 11, 2018 | A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | ||
| CVE-2018-8239 | Med | 0.40 | 5.5 | 0.59 | Jun 14, 2018 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2018-0964 | Med | 0.40 | 6.1 | 0.02 | Apr 12, 2018 | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10… | ||
| CVE-2018-0908 | Med | 0.40 | 6.1 | 0.02 | Feb 26, 2018 | Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege… | ||
| CVE-2018-0799 | Med | 0.40 | 6.1 | 0.04 | Jan 10, 2018 | Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". | ||
| CVE-2017-11863 | Med | 0.40 | 6.1 | 0.03 | Nov 15, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents,… |
- risk 0.40cvss 6.1epss 0.02
Azure DevOps Server Spoofing Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Installer Spoofing Vulnerability
- risk 0.40cvss 6.2epss 0.01
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.40cvss 6.2epss 0.01
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
- risk 0.40cvss 6.1epss 0.01
User Profile Service Denial of Service Vulnerability
- risk 0.40cvss 6.1epss 0.01
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
- risk 0.40cvss 6.2epss 0.01
Azure Sphere Information Disclosure Vulnerability
- risk 0.40cvss 6.2epss 0.01
Azure Sphere Denial of Service Vulnerability
- risk 0.40cvss 6.2epss 0.02
Azure Sphere Information Disclosure Vulnerability
- risk 0.40cvss 6.1epss 0.01
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.40cvss 6.1epss 0.01
Azure Sphere Elevation of Privilege Vulnerability
- risk 0.40cvss 6.1epss 0.01
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker…
- risk 0.40cvss 6.1epss 0.01
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could…
- risk 0.40cvss 6.1epss 0.02
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the…
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.
- risk 0.40cvss 6.1epss 0.03
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099,…
- risk 0.40cvss 6.1epss 0.02
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique…
- risk 0.40cvss 6.1epss 0.01
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.
- risk 0.40cvss 6.0epss 0.06
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
- risk 0.40cvss 6.1epss 0.07
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.
- risk 0.40cvss 6.2epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309,…
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.
- risk 0.40cvss 6.2epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
- risk 0.40cvss 5.6epss 0.05
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would…
- risk 0.40cvss 6.1epss 0.03
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…
- risk 0.40cvss 6.1epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…
- risk 0.40cvss 6.1epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…
- risk 0.40cvss 6.1epss 0.03
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867,…
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
- risk 0.40cvss 6.2epss 0.02
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
- risk 0.40cvss 6.1epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App.
- risk 0.40cvss 6.1epss 0.03
A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
- risk 0.40cvss 6.2epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10…
- risk 0.40cvss 6.2epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10…
- risk 0.40cvss 6.1epss 0.06
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
- risk 0.40cvss 5.5epss 0.59
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.40cvss 6.1epss 0.02
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10…
- risk 0.40cvss 6.1epss 0.02
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege…
- risk 0.40cvss 6.1epss 0.04
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".
- risk 0.40cvss 6.1epss 0.03
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents,…
Page 161 of 287