VYPR

Vendor CVEs

Microsoft

All CVEs

14,319 total · sorted by risk
  • CVE-2021-1708MedJan 12, 2021
    risk 0.37cvss 5.7epss 0.03

    Windows GDI+ Information Disclosure Vulnerability

  • CVE-2020-10146MedDec 9, 2020
    risk 0.37cvss 5.7epss 0.02

    The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This…

  • CVE-2020-1599MedNov 11, 2020
    risk 0.37cvss 5.5epss 0.19

    Windows Spoofing Vulnerability

  • CVE-2020-17083MedNov 11, 2020
    risk 0.37cvss 5.5epss 0.12

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-16983MedNov 11, 2020
    risk 0.37cvss 5.7epss 0.01

    Azure Sphere Tampering Vulnerability

  • CVE-2019-1171MedAug 14, 2019
    risk 0.37cvss 5.6epss 0.01

    An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log…

  • CVE-2019-0950MedMay 16, 2019
    risk 0.37cvss 5.7epss 0.02

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.

  • CVE-2019-0949MedMay 16, 2019
    risk 0.37cvss 5.7epss 0.02

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.

  • CVE-2019-0540MedMar 5, 2019
    risk 0.37cvss 5.5epss 0.13

    A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

  • CVE-2018-8472MedOct 10, 2018
    risk 0.37cvss 5.5epss 0.19

    An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows…

  • CVE-2018-8479MedSep 13, 2018
    risk 0.37cvss 5.6epss 0.02

    A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.

  • CVE-2018-8429MedSep 13, 2018
    risk 0.37cvss 5.5epss 0.12

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

  • CVE-2018-8382MedAug 15, 2018
    risk 0.37cvss 5.5epss 0.12

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

  • CVE-2018-8246MedJun 14, 2018
    risk 0.37cvss 5.5epss 0.17

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.

  • CVE-2018-8163MedMay 9, 2018
    risk 0.37cvss 5.5epss 0.12

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.

  • CVE-2018-0941MedMar 14, 2018
    risk 0.37cvss 5.5epss 0.13

    Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from…

  • CVE-2018-0888MedMar 14, 2018
    risk 0.37cvss 5.6epss 0.01

    The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an…

  • CVE-2017-11934MedDec 12, 2017
    risk 0.37cvss 5.5epss 0.13

    Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".

  • CVE-2017-11853MedNov 15, 2017
    risk 0.37cvss 5.5epss 0.11

    Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted…

  • CVE-2017-11816MedOct 13, 2017
    risk 0.37cvss 5.5epss 0.20

    The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure…

  • CVE-2017-8710MedSep 13, 2017
    risk 0.37cvss 5.5epss 0.10

    The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input…

  • CVE-2017-8572MedAug 1, 2017
    risk 0.37cvss 5.5epss 0.13

    Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook…

  • CVE-2017-0215MedJun 15, 2017
    risk 0.37cvss 5.3epss 0.36

    Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security…

  • CVE-2017-0204MedApr 12, 2017
    risk 0.37cvss 5.5epss 0.19

    Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

  • CVE-2017-0029MedMar 17, 2017
    risk 0.37cvss 5.5epss 0.16

    Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

  • CVE-2017-0007MedMar 17, 2017
    risk 0.37cvss 5.5epss 0.11

    Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."

  • CVE-2016-7267MedDec 20, 2016
    risk 0.37cvss 5.5epss 0.19

    Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

  • CVE-2016-7244MedNov 10, 2016
    risk 0.37cvss 5.5epss 0.16

    Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

  • CVE-2016-3279MedJul 13, 2016
    risk 0.37cvss 5.5epss 0.16

    Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and…

  • CVE-2016-3277MedJul 13, 2016
    risk 0.37cvss 5.3epss 0.32

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2026-48566MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

  • CVE-2026-45647MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45634MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.

  • CVE-2026-45606MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.

  • CVE-2026-45604MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

  • CVE-2026-45594MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.

  • CVE-2026-44821MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

  • CVE-2026-44814MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

  • CVE-2026-44805MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.

  • CVE-2026-42973MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

  • CVE-2026-42972MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

  • CVE-2026-42971MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

  • CVE-2026-42970MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

  • CVE-2026-42969MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

  • CVE-2026-42968MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

  • CVE-2026-42906MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

  • CVE-2026-41612MedMay 12, 2026
    risk 0.36cvss 5.5epss 0.01

    Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

  • CVE-2026-35440MedMay 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  • CVE-2026-35419MedMay 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

  • CVE-2026-34339MedMay 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.

Page 166 of 287