Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-0612 | Med | 0.38 | 5.3 | 0.11 | Apr 8, 2019 | A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'. | ||
| CVE-2018-0885 | Med | 0.38 | 5.8 | 0.05 | Mar 14, 2018 | The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to… | ||
| CVE-2017-11830 | Med | 0.38 | 5.3 | 0.03 | Nov 15, 2017 | Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | ||
| CVE-2017-0194 | Med | 0.38 | 5.5 | 0.26 | Apr 12, 2017 | Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||
| CVE-2017-0191 | Med | 0.38 | 5.8 | 0.05 | Apr 12, 2017 | A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could… | ||
| CVE-2017-0186 | Med | 0.38 | 5.8 | 0.05 | Apr 12, 2017 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating… | ||
| CVE-2017-0185 | Med | 0.38 | 5.8 | 0.06 | Apr 12, 2017 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating… | ||
| CVE-2017-0183 | Med | 0.38 | 5.8 | 0.04 | Apr 12, 2017 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating… | ||
| CVE-2017-0182 | Med | 0.38 | 5.8 | 0.04 | Apr 12, 2017 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating… | ||
| CVE-2017-0179 | Med | 0.38 | 5.8 | 0.04 | Apr 12, 2017 | A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service… | ||
| CVE-2017-0168 | Med | 0.38 | 5.8 | 0.06 | Apr 12, 2017 | An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an… | ||
| CVE-2017-0105 | Med | 0.38 | 5.5 | 0.30 | Mar 17, 2017 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a… | ||
| CVE-2016-3263 | Med | 0.38 | 5.5 | 0.32 | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… | ||
| CVE-2016-3262 | Med | 0.38 | 5.5 | 0.32 | Oct 14, 2016 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for… | ||
| CVE-2016-3315 | Med | 0.38 | 5.5 | 0.30 | Aug 9, 2016 | Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability." | ||
| CVE-2016-3234 | Med | 0.38 | 5.5 | 0.24 | Jun 16, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1… | ||
| CVE-2016-3215 | Med | 0.38 | 5.5 | 0.34 | Jun 16, 2016 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability… | ||
| CVE-2016-0028 | Med | 0.38 | 5.5 | 0.23 | Jun 16, 2016 | Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML… | ||
| CVE-2026-42915 | Med | 0.37 | 5.7 | 0.00 | Jun 9, 2026 | Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network. | ||
| CVE-2026-23670 | Med | 0.37 | 5.7 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2026-23653 | Med | 0.37 | 5.7 | 0.01 | Apr 14, 2026 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-53719 | Med | 0.37 | 5.7 | 0.01 | Aug 12, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-53153 | Med | 0.37 | 5.7 | 0.01 | Aug 12, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-53148 | Med | 0.37 | 5.7 | 0.01 | Aug 12, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-53138 | Med | 0.37 | 5.7 | 0.01 | Aug 12, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-50157 | Med | 0.37 | 5.7 | 0.01 | Aug 12, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-50156 | Med | 0.37 | 5.7 | 0.01 | Aug 12, 2025 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-49722 | Med | 0.37 | 5.7 | 0.00 | Jul 8, 2025 | Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. | ||
| CVE-2025-48002 | Med | 0.37 | 5.7 | 0.01 | Jul 8, 2025 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network. | ||
| CVE-2025-29974 | Med | 0.37 | 5.7 | 0.01 | May 13, 2025 | Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. | ||
| CVE-2025-29817 | Med | 0.37 | 5.7 | 0.01 | Apr 15, 2025 | Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||
| CVE-2024-43604 | Med | 0.37 | 5.7 | 0.01 | Oct 8, 2024 | Outlook for Android Elevation of Privilege Vulnerability | ||
| CVE-2024-35263 | Med | 0.37 | 5.7 | 0.02 | Jun 11, 2024 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||
| CVE-2024-26209 | Med | 0.37 | 5.5 | 0.15 | Apr 9, 2024 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||
| CVE-2024-26160 | Med | 0.37 | 5.5 | 0.11 | Mar 12, 2024 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | ||
| CVE-2024-21430 | Med | 0.37 | 5.7 | 0.01 | Mar 12, 2024 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | ||
| CVE-2024-20695 | Med | 0.37 | 5.7 | 0.01 | Feb 13, 2024 | Skype for Business Information Disclosure Vulnerability | ||
| CVE-2024-20692 | Med | 0.37 | 5.7 | 0.01 | Jan 9, 2024 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||
| CVE-2023-28261 | Med | 0.37 | 5.7 | 0.01 | Apr 27, 2023 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||
| CVE-2023-21693 | Med | 0.37 | 5.7 | 0.01 | Feb 14, 2023 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||
| CVE-2022-30223 | Med | 0.37 | 5.7 | 0.01 | Jul 12, 2022 | Windows Hyper-V Information Disclosure Vulnerability | ||
| CVE-2022-22711 | Med | 0.37 | 5.7 | 0.01 | Jul 12, 2022 | Windows BitLocker Information Disclosure Vulnerability | ||
| CVE-2021-42288 | Med | 0.37 | 5.7 | 0.01 | Nov 10, 2021 | Windows Hello Security Feature Bypass Vulnerability | ||
| CVE-2021-38632 | Med | 0.37 | 5.7 | 0.01 | Sep 15, 2021 | BitLocker Security Feature Bypass Vulnerability | ||
| CVE-2021-34466 | Med | 0.37 | 5.7 | 0.01 | Jul 16, 2021 | Windows Hello Security Feature Bypass Vulnerability | ||
| CVE-2021-31965 | Med | 0.37 | 5.7 | 0.05 | Jun 8, 2021 | Microsoft SharePoint Server Information Disclosure Vulnerability | ||
| CVE-2021-31178 | Med | 0.37 | 5.5 | 0.16 | May 11, 2021 | Microsoft Office Information Disclosure Vulnerability | ||
| CVE-2021-28444 | Med | 0.37 | 5.7 | 0.02 | Apr 13, 2021 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2021-27079 | Med | 0.37 | 5.7 | 0.03 | Apr 13, 2021 | Windows Media Photo Codec Information Disclosure Vulnerability | ||
| CVE-2021-24114 | Med | 0.37 | 5.7 | 0.03 | Feb 25, 2021 | Microsoft Teams iOS Information Disclosure Vulnerability |
- risk 0.38cvss 5.3epss 0.11
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
- risk 0.38cvss 5.8epss 0.05
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to…
- risk 0.38cvss 5.3epss 0.03
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".
- risk 0.38cvss 5.5epss 0.26
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could…
- risk 0.38cvss 5.8epss 0.05
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating…
- risk 0.38cvss 5.8epss 0.06
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating…
- risk 0.38cvss 5.8epss 0.04
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating…
- risk 0.38cvss 5.8epss 0.04
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating…
- risk 0.38cvss 5.8epss 0.04
A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service…
- risk 0.38cvss 5.8epss 0.06
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an…
- risk 0.38cvss 5.5epss 0.30
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a…
- risk 0.38cvss 5.5epss 0.32
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for…
- risk 0.38cvss 5.5epss 0.32
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for…
- risk 0.38cvss 5.5epss 0.30
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
- risk 0.38cvss 5.5epss 0.24
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1…
- risk 0.38cvss 5.5epss 0.34
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability…
- risk 0.38cvss 5.5epss 0.23
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML…
- risk 0.37cvss 5.7epss 0.00
Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network.
- risk 0.37cvss 5.7epss 0.00
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
- risk 0.37cvss 5.7epss 0.01
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.00
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
- risk 0.37cvss 5.7epss 0.01
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
- risk 0.37cvss 5.7epss 0.01
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
- risk 0.37cvss 5.7epss 0.01
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
- risk 0.37cvss 5.7epss 0.01
Outlook for Android Elevation of Privilege Vulnerability
- risk 0.37cvss 5.7epss 0.02
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
- risk 0.37cvss 5.5epss 0.15
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- risk 0.37cvss 5.5epss 0.11
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
- risk 0.37cvss 5.7epss 0.01
Skype for Business Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- risk 0.37cvss 5.7epss 0.01
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Windows Hyper-V Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Windows BitLocker Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.01
Windows Hello Security Feature Bypass Vulnerability
- risk 0.37cvss 5.7epss 0.01
BitLocker Security Feature Bypass Vulnerability
- risk 0.37cvss 5.7epss 0.01
Windows Hello Security Feature Bypass Vulnerability
- risk 0.37cvss 5.7epss 0.05
Microsoft SharePoint Server Information Disclosure Vulnerability
- risk 0.37cvss 5.5epss 0.16
Microsoft Office Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.02
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.37cvss 5.7epss 0.03
Windows Media Photo Codec Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.03
Microsoft Teams iOS Information Disclosure Vulnerability
Page 165 of 287