VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2017-8746MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.01

    Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability".

  • CVE-2017-8745MedSep 13, 2017
    risk 0.35cvss 5.4epss 0.02

    An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".

  • CVE-2017-8716MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.01

    Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability".

  • CVE-2017-8713MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.03

    The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a…

  • CVE-2017-8712MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.02

    The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure…

  • CVE-2017-8711MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.02

    The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability".…

  • CVE-2017-8707MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.02

    The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input…

  • CVE-2017-8706MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.02

    The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information…

  • CVE-2017-8704MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.01

    The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability".

  • CVE-2017-8695MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.10

    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype…

  • CVE-2017-8629MedSep 13, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".

  • CVE-2017-11761MedSep 13, 2017
    risk 0.35cvss 5.3epss 0.07

    Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

  • CVE-2017-8654MedAug 8, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".

  • CVE-2017-8650MedAug 8, 2017
    risk 0.35cvss 5.4epss 0.01

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

  • CVE-2017-8637MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.05

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

  • CVE-2017-8530MedJun 15, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature…

  • CVE-2017-8514MedJun 15, 2017
    risk 0.35cvss 5.4epss 0.03

    An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability".

  • CVE-2017-0219MedJun 15, 2017
    risk 0.35cvss 5.3epss 0.01

    Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard…

  • CVE-2017-0218MedJun 15, 2017
    risk 0.35cvss 5.3epss 0.02

    Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard…

  • CVE-2017-0216MedJun 15, 2017
    risk 0.35cvss 5.3epss 0.01

    Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity…

  • CVE-2017-0173MedJun 15, 2017
    risk 0.35cvss 5.3epss 0.01

    Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security…

  • CVE-2017-0256MedMay 12, 2017
    risk 0.35cvss 5.3epss 0.04

    A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

  • CVE-2017-0255MedMay 12, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".

  • CVE-2017-0241MedMay 12, 2017
    risk 0.35cvss 5.3epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing…

  • CVE-2017-0195MedApr 12, 2017
    risk 0.35cvss 5.4epss 0.04

    Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run…

  • CVE-2017-0184MedApr 12, 2017
    risk 0.35cvss 5.4epss 0.02

    A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179,…

  • CVE-2017-0178MedApr 12, 2017
    risk 0.35cvss 5.4epss 0.02

    A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system,…

  • CVE-2017-0169MedApr 12, 2017
    risk 0.35cvss 5.4epss 0.02

    An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information…

  • CVE-2017-0099MedMar 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via…

  • CVE-2017-0098MedMar 17, 2017
    risk 0.35cvss 5.4epss 0.02

    Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those…

  • CVE-2017-0097MedMar 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted…

  • CVE-2017-0076MedMar 17, 2017
    risk 0.35cvss 5.4epss 0.02

    Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted…

  • CVE-2017-0074MedMar 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted…

  • CVE-2017-0062MedMar 17, 2017
    risk 0.35cvss 4.7epss 0.18

    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…

  • CVE-2017-0051MedMar 17, 2017
    risk 0.35cvss 5.4epss 0.03

    Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0043MedMar 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory…

  • CVE-2016-7281MedDec 20, 2016
    risk 0.35cvss 5.3epss 0.14

    The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

  • CVE-2016-7209MedNov 10, 2016
    risk 0.35cvss 5.3epss 0.09

    Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."

  • CVE-2016-3392MedOct 14, 2016
    risk 0.35cvss 5.3epss 0.10

    The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."

  • CVE-2016-3391MedOct 14, 2016
    risk 0.35cvss 5.3epss 0.08

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2015-4000LowMay 21, 2015
    risk 0.35cvss 3.7epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2026-55726medJul 2, 2026
    risk 0.34cvss 5.3epss 0.00

    The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container.

  • CVE-2026-45655MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.00

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-42914MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.01

    Windows Kerberos Denial of Service Vulnerability

  • CVE-2026-46544MedMay 27, 2026
    risk 0.34cvss 5.3epss 0.00

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages and reuses an existing in-memory session object if that session_id already…

  • CVE-2026-32952MedApr 24, 2026
    risk 0.34cvss 5.3epss 0.01

    go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1…

  • CVE-2025-64667MedDec 9, 2025
    risk 0.34cvss 5.3epss 0.01

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-55229MedAug 21, 2025
    risk 0.34cvss 5.3epss 0.00

    Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2024-21397MedFeb 13, 2024
    risk 0.34cvss 5.3epss 0.01

    Microsoft Azure File Sync Elevation of Privilege Vulnerability

  • CVE-2024-21337MedJan 11, 2024
    risk 0.34cvss 5.2epss 0.00

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Page 186 of 287