VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2018-8326MedJul 11, 2018
    risk 0.35cvss 5.4epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active…

  • CVE-2018-8323MedJul 11, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8307MedJul 11, 2018
    risk 0.35cvss 5.3epss 0.03

    A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows…

  • CVE-2018-8299MedJul 11, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8222MedJul 11, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8254MedJun 14, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server,…

  • CVE-2018-8252MedJun 14, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8247MedJun 14, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID…

  • CVE-2018-8221MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8217MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10.…

  • CVE-2018-8216MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10.…

  • CVE-2018-8215MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8212MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,…

  • CVE-2018-8211MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.02

    A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows 10 Servers, Windows 10.…

  • CVE-2018-1040MedJun 14, 2018
    risk 0.35cvss 5.3epss 0.07

    A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2018-8142MedMay 21, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.

  • CVE-2018-8168MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-8159MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8156MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint,…

  • CVE-2018-8155MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-8153MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8152MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8149MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-8132MedMay 9, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854,…

  • CVE-2018-8129MedMay 9, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854,…

  • CVE-2018-0958MedMay 9, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854,…

  • CVE-2018-0854MedMay 9, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from…

  • CVE-2018-1035MedApr 19, 2018
    risk 0.35cvss 5.3epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.

  • CVE-2018-1034MedApr 12, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-1032MedApr 12, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,…

  • CVE-2018-1014MedApr 12, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-1007MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.07

    An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950.

  • CVE-2018-1005MedApr 12, 2018
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This…

  • CVE-2018-1000MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.08

    An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE…

  • CVE-2018-0981MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.06

    An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE…

  • CVE-2018-0976MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.05

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows…

  • CVE-2018-0957MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.02

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2,…

  • CVE-2018-0890MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.04

    A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2018-0869MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.02

    SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

  • CVE-2018-0864MedFeb 15, 2018
    risk 0.35cvss 5.4epss 0.03

    SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".

  • CVE-2018-0827MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.01

    Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability".

  • CVE-2018-0800MedJan 4, 2018
    risk 0.35cvss 5.3epss 0.07

    Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from…

  • CVE-2018-0741MedJan 4, 2018
    risk 0.35cvss 5.3epss 0.07

    The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability".

  • CVE-2017-11919MedDec 12, 2017
    risk 0.35cvss 5.3epss 0.06

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and…

  • CVE-2017-11887MedDec 12, 2017
    risk 0.35cvss 5.3epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the…

  • CVE-2017-11834MedNov 15, 2017
    risk 0.35cvss 5.3epss 0.13

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain…

  • CVE-2017-8715MedOct 13, 2017
    risk 0.35cvss 5.3epss 0.02

    The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".

  • CVE-2017-11820MedOct 13, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes…

  • CVE-2017-11777MedOct 13, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes…

  • CVE-2017-11775MedOct 13, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes…

Page 185 of 287