VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2021-28459MedApr 13, 2021
    risk 0.40cvss 6.1epss 0.02

    Azure DevOps Server Spoofing Vulnerability

  • CVE-2021-26413MedApr 13, 2021
    risk 0.40cvss 6.2epss 0.01

    Windows Installer Spoofing Vulnerability

  • CVE-2021-27074MedMar 11, 2021
    risk 0.40cvss 6.2epss 0.01

    Azure Sphere Unsigned Code Execution Vulnerability

  • CVE-2021-26892MedMar 11, 2021
    risk 0.40cvss 6.2epss 0.01

    Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

  • CVE-2021-26886MedMar 11, 2021
    risk 0.40cvss 6.1epss 0.01

    User Profile Service Denial of Service Vulnerability

  • CVE-2021-1724MedFeb 25, 2021
    risk 0.40cvss 6.1epss 0.01

    Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

  • CVE-2020-16990MedNov 11, 2020
    risk 0.40cvss 6.2epss 0.01

    Azure Sphere Information Disclosure Vulnerability

  • CVE-2020-16986MedNov 11, 2020
    risk 0.40cvss 6.2epss 0.01

    Azure Sphere Denial of Service Vulnerability

  • CVE-2020-16985MedNov 11, 2020
    risk 0.40cvss 6.2epss 0.02

    Azure Sphere Information Disclosure Vulnerability

  • CVE-2020-16982MedNov 11, 2020
    risk 0.40cvss 6.1epss 0.01

    Azure Sphere Unsigned Code Execution Vulnerability

  • CVE-2020-16981MedNov 11, 2020
    risk 0.40cvss 6.1epss 0.01

    Azure Sphere Elevation of Privilege Vulnerability

  • CVE-2020-26505MedNov 5, 2020
    risk 0.40cvss 6.1epss 0.01

    A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker…

  • CVE-2020-1598MedSep 11, 2020
    risk 0.40cvss 6.1epss 0.01

    An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could…

  • CVE-2020-1506MedSep 11, 2020
    risk 0.40cvss 6.1epss 0.02

    An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the…

  • CVE-2020-1442MedJul 14, 2020
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.

  • CVE-2020-1327MedJun 9, 2020
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

  • CVE-2020-1323MedJun 9, 2020
    risk 0.40cvss 6.1epss 0.02

    An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.

  • CVE-2020-1220MedJun 9, 2020
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.

  • CVE-2020-1106MedMay 21, 2020
    risk 0.40cvss 6.1epss 0.03

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099,…

  • CVE-2020-1055MedMay 21, 2020
    risk 0.40cvss 6.1epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.

  • CVE-2020-1050MedApr 15, 2020
    risk 0.40cvss 6.1epss 0.02

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique…

  • CVE-2019-1486MedDec 10, 2019
    risk 0.40cvss 6.1epss 0.01

    A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.

  • CVE-2019-1470MedDec 10, 2019
    risk 0.40cvss 6.0epss 0.06

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

  • CVE-2019-1332MedDec 10, 2019
    risk 0.40cvss 6.1epss 0.07

    A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.

  • CVE-2019-1399MedNov 12, 2019
    risk 0.40cvss 6.2epss 0.02

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309,…

  • CVE-2019-1266MedSep 11, 2019
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.

  • CVE-2019-0928MedSep 11, 2019
    risk 0.40cvss 6.2epss 0.02

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.

  • CVE-2019-1125MedSep 3, 2019
    risk 0.40cvss 5.6epss 0.05

    An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would…

  • CVE-2019-1075MedJul 15, 2019
    risk 0.40cvss 6.1epss 0.03

    A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

  • CVE-2019-0874MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

  • CVE-2019-0871MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…

  • CVE-2019-0870MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…

  • CVE-2019-0869MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

  • CVE-2019-0868MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…

  • CVE-2019-0867MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…

  • CVE-2019-0866MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.03

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867,…

  • CVE-2019-0858MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.

  • CVE-2019-0798MedApr 9, 2019
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

  • CVE-2019-0670MedMar 5, 2019
    risk 0.40cvss 6.1epss 0.02

    A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

  • CVE-2019-0635MedMar 5, 2019
    risk 0.40cvss 6.2epss 0.02

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

  • CVE-2018-8600MedNov 14, 2018
    risk 0.40cvss 6.1epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App.

  • CVE-2018-8470MedSep 13, 2018
    risk 0.40cvss 6.1epss 0.03

    A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.

  • CVE-2018-8437MedSep 13, 2018
    risk 0.40cvss 6.2epss 0.02

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10…

  • CVE-2018-8436MedSep 13, 2018
    risk 0.40cvss 6.2epss 0.02

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10…

  • CVE-2018-8278MedJul 11, 2018
    risk 0.40cvss 6.1epss 0.06

    A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

  • CVE-2018-8239MedJun 14, 2018
    risk 0.40cvss 5.5epss 0.59

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2018-0964MedApr 12, 2018
    risk 0.40cvss 6.1epss 0.02

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10…

  • CVE-2018-0908MedFeb 26, 2018
    risk 0.40cvss 6.1epss 0.02

    Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege…

  • CVE-2018-0799MedJan 10, 2018
    risk 0.40cvss 6.1epss 0.04

    Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".

  • CVE-2017-11863MedNov 15, 2017
    risk 0.40cvss 6.1epss 0.03

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents,…

Page 161 of 287