Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0274 | Med | 0.39 | 5.9 | 0.07 | May 12, 2017 | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows… | ||
| CVE-2017-0273 | Med | 0.39 | 5.9 | 0.06 | May 12, 2017 | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280. | ||
| CVE-2017-0271 | Med | 0.39 | 5.9 | 0.13 | May 12, 2017 | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows… | ||
| CVE-2017-0270 | Med | 0.39 | 5.9 | 0.07 | May 12, 2017 | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows… | ||
| CVE-2017-0269 | Med | 0.39 | 5.9 | 0.06 | May 12, 2017 | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280. | ||
| CVE-2017-0268 | Med | 0.39 | 5.9 | 0.07 | May 12, 2017 | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows… | ||
| CVE-2017-0267 | Med | 0.39 | 5.9 | 0.13 | May 12, 2017 | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows… | ||
| CVE-2017-0171 | Med | 0.39 | 5.9 | 0.04 | May 12, 2017 | Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | ||
| CVE-2017-0167 | Med | 0.39 | 5.5 | 0.06 | Apr 12, 2017 | An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain… | ||
| CVE-2017-0045 | Med | 0.39 | 5.5 | 0.07 | Mar 17, 2017 | Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery… | ||
| CVE-2016-7216 | Med | 0.39 | 5.5 | 0.04 | Nov 10, 2016 | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||
| CVE-2016-0075 | Med | 0.39 | 5.5 | 0.07 | Oct 14, 2016 | The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel… | ||
| CVE-2016-0149 | Med | 0.39 | 5.9 | 0.08 | May 11, 2016 | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure… | ||
| CVE-2012-2993 | Med | 0.39 | 5.9 | 0.04 | Sep 18, 2012 | Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. | ||
| CVE-2006-2374 | Med | 0.39 | 5.5 | 0.02 | Jun 13, 2006 | The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device,… | ||
| CVE-2026-46538 | Med | 0.38 | 5.9 | 0.00 | May 27, 2026 | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END message came from the device that… | ||
| CVE-2026-45498 | Med | 0.38 | 4.0 | 0.63 | KEV | May 20, 2026 | Microsoft Defender Denial of Service Vulnerability | |
| CVE-2026-32226 | Med | 0.38 | 5.9 | 0.01 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-48823 | Med | 0.38 | 5.9 | 0.01 | Jul 8, 2025 | Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. | ||
| CVE-2025-29954 | Med | 0.38 | 5.9 | 0.01 | May 13, 2025 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-27471 | Med | 0.38 | 5.9 | 0.01 | Apr 8, 2025 | Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-21242 | Med | 0.38 | 5.9 | 0.02 | Jan 14, 2025 | Windows Kerberos Information Disclosure Vulnerability | ||
| CVE-2025-21225 | Med | 0.38 | 5.9 | 0.01 | Jan 14, 2025 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||
| CVE-2024-38264 | Med | 0.38 | 5.9 | 0.01 | Nov 12, 2024 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | ||
| CVE-2024-49023 | Med | 0.38 | 5.9 | 0.01 | Oct 18, 2024 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2024-43587 | Med | 0.38 | 5.9 | 0.01 | Oct 17, 2024 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||
| CVE-2024-37985 | Med | 0.38 | 5.9 | 0.01 | Sep 17, 2024 | Windows Kernel Information Disclosure Vulnerability | ||
| CVE-2024-43472 | Med | 0.38 | 5.8 | 0.00 | Aug 16, 2024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2024-38103 | Med | 0.38 | 5.9 | 0.00 | Jul 25, 2024 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||
| CVE-2024-38099 | Med | 0.38 | 5.9 | 0.01 | Jul 9, 2024 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | ||
| CVE-2024-21344 | Med | 0.38 | 5.9 | 0.02 | Feb 13, 2024 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2024-21343 | Med | 0.38 | 5.9 | 0.02 | Feb 13, 2024 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2024-21306 | Med | 0.38 | 5.7 | 0.06 | Jan 9, 2024 | Microsoft Bluetooth Driver Spoofing Vulnerability | ||
| CVE-2022-35747 | Med | 0.38 | 5.9 | 0.02 | May 31, 2023 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | ||
| CVE-2023-24900 | Med | 0.38 | 5.9 | 0.01 | May 9, 2023 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | ||
| CVE-2022-41116 | Med | 0.38 | 5.9 | 0.01 | Nov 9, 2022 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | ||
| CVE-2022-41090 | Med | 0.38 | 5.9 | 0.01 | Nov 9, 2022 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | ||
| CVE-2022-41064 | Med | 0.38 | 5.8 | 0.01 | Nov 9, 2022 | .NET Framework Information Disclosure Vulnerability | ||
| CVE-2022-37965 | Med | 0.38 | 5.9 | 0.01 | Oct 11, 2022 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | ||
| CVE-2022-23278 | Med | 0.38 | 5.9 | 0.02 | Mar 9, 2022 | Microsoft Defender for Endpoint Spoofing Vulnerability | ||
| CVE-2022-23255 | Med | 0.38 | 5.9 | 0.01 | Feb 9, 2022 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | ||
| CVE-2020-1152 | Med | 0.38 | 5.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log… | ||
| CVE-2019-1262 | Med | 0.38 | 5.4 | 0.03 | Sep 11, 2019 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | ||
| CVE-2019-0723 | Med | 0.38 | 5.8 | 0.05 | Aug 14, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To… | ||
| CVE-2019-0718 | Med | 0.38 | 5.8 | 0.05 | Aug 14, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To… | ||
| CVE-2019-0717 | Med | 0.38 | 5.8 | 0.05 | Aug 14, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To… | ||
| CVE-2019-0716 | Med | 0.38 | 5.8 | 0.04 | Aug 14, 2019 | A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected… | ||
| CVE-2019-0715 | Med | 0.38 | 5.8 | 0.05 | Aug 14, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To… | ||
| CVE-2019-0714 | Med | 0.38 | 5.8 | 0.05 | Aug 14, 2019 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To… | ||
| CVE-2019-1040 | Med | 0.38 | 5.3 | 0.48 | Jun 12, 2019 | A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security… |
- risk 0.39cvss 5.9epss 0.07
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows…
- risk 0.39cvss 5.9epss 0.06
The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.
- risk 0.39cvss 5.9epss 0.13
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows…
- risk 0.39cvss 5.9epss 0.07
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows…
- risk 0.39cvss 5.9epss 0.06
The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.
- risk 0.39cvss 5.9epss 0.07
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows…
- risk 0.39cvss 5.9epss 0.13
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows…
- risk 0.39cvss 5.9epss 0.04
Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability".
- risk 0.39cvss 5.5epss 0.06
An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain…
- risk 0.39cvss 5.5epss 0.07
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery…
- risk 0.39cvss 5.5epss 0.04
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
- risk 0.39cvss 5.5epss 0.07
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel…
- risk 0.39cvss 5.9epss 0.08
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure…
- risk 0.39cvss 5.9epss 0.04
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
- risk 0.39cvss 5.5epss 0.02
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device,…
- risk 0.38cvss 5.9epss 0.00
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id only and does not verify that a TASK_END message came from the device that…
- risk 0.38cvss 4.0epss 0.63
Microsoft Defender Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.01
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
- risk 0.38cvss 5.9epss 0.01
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.
- risk 0.38cvss 5.9epss 0.01
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
- risk 0.38cvss 5.9epss 0.01
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
- risk 0.38cvss 5.9epss 0.02
Windows Kerberos Information Disclosure Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.01
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.38cvss 5.9epss 0.01
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows Kernel Information Disclosure Vulnerability
- risk 0.38cvss 5.8epss 0.00
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.38cvss 5.9epss 0.00
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.38cvss 5.7epss 0.06
Microsoft Bluetooth Driver Spoofing Vulnerability
- risk 0.38cvss 5.9epss 0.02
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows NTLM Security Support Provider Information Disclosure Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
- risk 0.38cvss 5.8epss 0.01
.NET Framework Information Disclosure Vulnerability
- risk 0.38cvss 5.9epss 0.01
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
- risk 0.38cvss 5.9epss 0.02
Microsoft Defender for Endpoint Spoofing Vulnerability
- risk 0.38cvss 5.9epss 0.01
Microsoft OneDrive for Android Security Feature Bypass Vulnerability
- risk 0.38cvss 5.8epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would have to log…
- risk 0.38cvss 5.4epss 0.03
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…
- risk 0.38cvss 5.8epss 0.04
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected…
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…
- risk 0.38cvss 5.3epss 0.48
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security…
Page 164 of 287