VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2019-1032MedJun 12, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an…

  • CVE-2019-1031MedJun 12, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an…

  • CVE-2019-0948MedJun 12, 2019
    risk 0.35cvss 4.7epss 0.13

    An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external…

  • CVE-2019-1000MedMay 16, 2019
    risk 0.35cvss 5.3epss 0.02

    An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to…

  • CVE-2019-0979MedMay 16, 2019
    risk 0.35cvss 5.4epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.

  • CVE-2019-0963MedMay 16, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

  • CVE-2019-0951MedMay 16, 2019
    risk 0.35cvss 5.4epss 0.02

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.

  • CVE-2019-0872MedMay 16, 2019
    risk 0.35cvss 5.4epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.

  • CVE-2019-0733MedMay 16, 2019
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.

  • CVE-2019-0831MedApr 9, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.

  • CVE-2019-0830MedApr 9, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.

  • CVE-2019-0817MedApr 9, 2019
    risk 0.35cvss 5.4epss 0.02

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

  • CVE-2019-0778MedApr 9, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

  • CVE-2019-0777MedApr 9, 2019
    risk 0.35cvss 5.4epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

  • CVE-2019-0768MedApr 9, 2019
    risk 0.35cvss 4.3epss 0.48

    A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'.…

  • CVE-2019-0743MedMar 5, 2019
    risk 0.35cvss 5.4epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0742.

  • CVE-2019-0742MedMar 5, 2019
    risk 0.35cvss 5.4epss 0.02

    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0743.

  • CVE-2019-0646MedJan 17, 2019
    risk 0.35cvss 5.4epss 0.01

    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.

  • CVE-2019-0624MedJan 17, 2019
    risk 0.35cvss 5.4epss 0.01

    A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.

  • CVE-2019-0562MedJan 8, 2019
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2019-0558MedJan 8, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2019-0557MedJan 8, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is…

  • CVE-2019-0556MedJan 8, 2019
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is…

  • CVE-2018-8650MedDec 12, 2018
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint.

  • CVE-2018-8652MedDec 12, 2018
    risk 0.35cvss 5.4epss 0.01

    A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.

  • CVE-2018-8651MedDec 12, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.

  • CVE-2018-8608MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."…

  • CVE-2018-8607MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."…

  • CVE-2018-8606MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."…

  • CVE-2018-8605MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability."…

  • CVE-2018-8602MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.01

    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.

  • CVE-2018-8572MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-8568MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-8567MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability."…

  • CVE-2018-8547MedNov 14, 2018
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS…

  • CVE-2018-8417MedNov 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

  • CVE-2018-8518MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8512MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.03

    A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is…

  • CVE-2018-8498MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8492MedOct 10, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8488MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8480MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8448MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8434MedSep 13, 2018
    risk 0.35cvss 5.4epss 0.03

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows…

  • CVE-2018-8431MedSep 13, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-8428MedSep 13, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8426MedSep 13, 2018
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-8337MedSep 13, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.

  • CVE-2018-8204MedAug 15, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8200MedAug 15, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

Page 184 of 287