Vendor CVEs
Microsoft
All CVEs
14,319 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-1708 | Med | 0.37 | 5.7 | 0.03 | Jan 12, 2021 | Windows GDI+ Information Disclosure Vulnerability | ||
| CVE-2020-10146 | Med | 0.37 | 5.7 | 0.02 | Dec 9, 2020 | The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This… | ||
| CVE-2020-1599 | Med | 0.37 | 5.5 | 0.19 | Nov 11, 2020 | Windows Spoofing Vulnerability | ||
| CVE-2020-17083 | Med | 0.37 | 5.5 | 0.12 | Nov 11, 2020 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2020-16983 | Med | 0.37 | 5.7 | 0.01 | Nov 11, 2020 | Azure Sphere Tampering Vulnerability | ||
| CVE-2019-1171 | Med | 0.37 | 5.6 | 0.01 | Aug 14, 2019 | An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log… | ||
| CVE-2019-0950 | Med | 0.37 | 5.7 | 0.02 | May 16, 2019 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951. | ||
| CVE-2019-0949 | Med | 0.37 | 5.7 | 0.02 | May 16, 2019 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951. | ||
| CVE-2019-0540 | Med | 0.37 | 5.5 | 0.13 | Mar 5, 2019 | A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | ||
| CVE-2018-8472 | Med | 0.37 | 5.5 | 0.19 | Oct 10, 2018 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows… | ||
| CVE-2018-8479 | Med | 0.37 | 5.6 | 0.02 | Sep 13, 2018 | A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | ||
| CVE-2018-8429 | Med | 0.37 | 5.5 | 0.12 | Sep 13, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2018-8382 | Med | 0.37 | 5.5 | 0.12 | Aug 15, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2018-8246 | Med | 0.37 | 5.5 | 0.17 | Jun 14, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||
| CVE-2018-8163 | Med | 0.37 | 5.5 | 0.12 | May 9, 2018 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel. | ||
| CVE-2018-0941 | Med | 0.37 | 5.5 | 0.13 | Mar 14, 2018 | Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from… | ||
| CVE-2018-0888 | Med | 0.37 | 5.6 | 0.01 | Mar 14, 2018 | The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an… | ||
| CVE-2017-11934 | Med | 0.37 | 5.5 | 0.13 | Dec 12, 2017 | Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability". | ||
| CVE-2017-11853 | Med | 0.37 | 5.5 | 0.11 | Nov 15, 2017 | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted… | ||
| CVE-2017-11816 | Med | 0.37 | 5.5 | 0.20 | Oct 13, 2017 | The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure… | ||
| CVE-2017-8710 | Med | 0.37 | 5.5 | 0.10 | Sep 13, 2017 | The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input… | ||
| CVE-2017-8572 | Med | 0.37 | 5.5 | 0.13 | Aug 1, 2017 | Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook… | ||
| CVE-2017-0215 | Med | 0.37 | 5.3 | 0.36 | Jun 15, 2017 | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security… | ||
| CVE-2017-0204 | Med | 0.37 | 5.5 | 0.19 | Apr 12, 2017 | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||
| CVE-2017-0029 | Med | 0.37 | 5.5 | 0.16 | Mar 17, 2017 | Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||
| CVE-2017-0007 | Med | 0.37 | 5.5 | 0.11 | Mar 17, 2017 | Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | ||
| CVE-2016-7267 | Med | 0.37 | 5.5 | 0.19 | Dec 20, 2016 | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||
| CVE-2016-7244 | Med | 0.37 | 5.5 | 0.16 | Nov 10, 2016 | Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||
| CVE-2016-3279 | Med | 0.37 | 5.5 | 0.16 | Jul 13, 2016 | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and… | ||
| CVE-2016-3277 | Med | 0.37 | 5.3 | 0.32 | Jul 13, 2016 | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||
| CVE-2026-48566 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||
| CVE-2026-45647 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45634 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | ||
| CVE-2026-45606 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally. | ||
| CVE-2026-45604 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. | ||
| CVE-2026-45594 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally. | ||
| CVE-2026-44821 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-44814 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||
| CVE-2026-44805 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally. | ||
| CVE-2026-42973 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||
| CVE-2026-42972 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally. | ||
| CVE-2026-42971 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||
| CVE-2026-42970 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||
| CVE-2026-42969 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||
| CVE-2026-42968 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. | ||
| CVE-2026-42906 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||
| CVE-2026-41612 | Med | 0.36 | 5.5 | 0.01 | May 12, 2026 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-35440 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-35419 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||
| CVE-2026-34339 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. |
- risk 0.37cvss 5.7epss 0.03
Windows GDI+ Information Disclosure Vulnerability
- risk 0.37cvss 5.7epss 0.02
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This…
- risk 0.37cvss 5.5epss 0.19
Windows Spoofing Vulnerability
- risk 0.37cvss 5.5epss 0.12
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.37cvss 5.7epss 0.01
Azure Sphere Tampering Vulnerability
- risk 0.37cvss 5.6epss 0.01
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log…
- risk 0.37cvss 5.7epss 0.02
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.
- risk 0.37cvss 5.7epss 0.02
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.
- risk 0.37cvss 5.5epss 0.13
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
- risk 0.37cvss 5.5epss 0.19
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows…
- risk 0.37cvss 5.6epss 0.02
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.17
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.12
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.
- risk 0.37cvss 5.5epss 0.13
Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from…
- risk 0.37cvss 5.6epss 0.01
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an…
- risk 0.37cvss 5.5epss 0.13
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
- risk 0.37cvss 5.5epss 0.11
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted…
- risk 0.37cvss 5.5epss 0.20
The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure…
- risk 0.37cvss 5.5epss 0.10
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input…
- risk 0.37cvss 5.5epss 0.13
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook…
- risk 0.37cvss 5.3epss 0.36
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security…
- risk 0.37cvss 5.5epss 0.19
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
- risk 0.37cvss 5.5epss 0.11
Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."
- risk 0.37cvss 5.5epss 0.19
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
- risk 0.37cvss 5.5epss 0.16
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and…
- risk 0.37cvss 5.3epss 0.32
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
- risk 0.36cvss 5.5epss 0.00
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.00
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Page 166 of 287