VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2017-8554MedJun 29, 2017
    risk 0.31cvss 4.7epss 0.02

    The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially…

  • CVE-2017-8553MedJun 15, 2017
    risk 0.31cvss 4.7epss 0.03

    An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure…

  • CVE-2017-0073MedMar 17, 2017
    risk 0.31cvss 4.3epss 0.33

    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…

  • CVE-2017-0049MedMar 17, 2017
    risk 0.31cvss 4.3epss 0.39

    The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0011MedMar 17, 2017
    risk 0.31cvss 4.3epss 0.42

    Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

  • CVE-2017-0009MedMar 17, 2017
    risk 0.31cvss 4.3epss 0.40

    Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011,…

  • CVE-2017-0008MedMar 17, 2017
    risk 0.31cvss 4.3epss 0.37

    Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and…

  • CVE-2016-7218MedNov 10, 2016
    risk 0.31cvss 4.7epss 0.03

    Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive…

  • CVE-2016-3258MedJul 13, 2016
    risk 0.31cvss 4.7epss 0.01

    Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka…

  • CVE-2026-48562MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47641MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47640MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47638MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47637MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45483MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45479MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45468MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45467MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45462MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-26175MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.00

    Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-20945MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.25

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-20928MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2025-21215MedJan 14, 2025
    risk 0.30cvss 4.6epss 0.01

    Secure Boot Security Feature Bypass Vulnerability

  • CVE-2025-21213MedJan 14, 2025
    risk 0.30cvss 4.6epss 0.01

    Secure Boot Security Feature Bypass Vulnerability

  • CVE-2024-49087MedDec 12, 2024
    risk 0.30cvss 4.6epss 0.01

    Windows Mobile Broadband Driver Information Disclosure Vulnerability

  • CVE-2024-21340MedFeb 13, 2024
    risk 0.30cvss 4.6epss 0.01

    Windows Kernel Information Disclosure Vulnerability

  • CVE-2023-36769MedNov 6, 2023
    risk 0.30cvss 4.6epss 0.00

    Microsoft OneNote Spoofing Vulnerability

  • CVE-2023-35394MedAug 8, 2023
    risk 0.30cvss 4.6epss 0.01

    Azure HDInsight Jupyter Notebook Spoofing Vulnerability

  • CVE-2022-41099MedNov 9, 2022
    risk 0.30cvss 4.6epss 0.04

    BitLocker Security Feature Bypass Vulnerability

  • CVE-2022-21905MedJan 11, 2022
    risk 0.30cvss 4.6epss 0.01

    Windows Hyper-V Security Feature Bypass Vulnerability

  • CVE-2022-21900MedJan 11, 2022
    risk 0.30cvss 4.6epss 0.01

    Windows Hyper-V Security Feature Bypass Vulnerability

  • CVE-2021-26439MedSep 2, 2021
    risk 0.30cvss 4.6epss 0.02

    Microsoft Edge for Android Information Disclosure Vulnerability

  • CVE-2021-26418MedMay 11, 2021
    risk 0.30cvss 4.6epss 0.01

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2021-24104MedMar 11, 2021
    risk 0.30cvss 4.6epss 0.01

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2021-1717MedJan 12, 2021
    risk 0.30cvss 4.6epss 0.02

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2021-1641MedJan 12, 2021
    risk 0.30cvss 4.6epss 0.02

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2020-1205MedSep 11, 2020
    risk 0.30cvss 4.6epss 0.02

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected…

  • CVE-2020-0943MedApr 15, 2020
    risk 0.30cvss 4.6epss 0.01

    An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone…

  • CVE-2019-1460MedJan 24, 2020
    risk 0.30cvss 4.6epss 0.01

    A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.

  • CVE-2019-1368MedOct 10, 2019
    risk 0.30cvss 4.6epss 0.01

    A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

  • CVE-2019-1294MedSep 11, 2019
    risk 0.30cvss 4.6epss 0.01

    A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

  • CVE-2019-0622MedJan 8, 2019
    risk 0.30cvss 4.6epss 0.02

    An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.

  • CVE-2018-8566MedNov 14, 2018
    risk 0.30cvss 4.6epss 0.01

    A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

  • CVE-2018-8253MedAug 15, 2018
    risk 0.30cvss 4.6epss 0.02

    An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.

  • CVE-2017-0140MedMar 17, 2017
    risk 0.30cvss 4.2epss 0.29

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.

  • CVE-2017-0066MedMar 17, 2017
    risk 0.30cvss 4.2epss 0.30

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.

  • CVE-2017-0065MedMar 17, 2017
    risk 0.30cvss 4.3epss 0.27

    Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017,…

  • CVE-2016-0059MedFeb 10, 2016
    risk 0.30cvss 4.3epss 0.24

    The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."

  • CVE-2016-0005MedJan 13, 2016
    risk 0.30cvss 4.3epss 0.28

    Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."

  • CVE-2007-5460MedOct 15, 2007
    risk 0.30cvss 4.6epss 0.02

    Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained…

Page 191 of 287