VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2019-1480MedDec 10, 2019
    risk 0.28cvss 4.3epss 0.05

    An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1481.

  • CVE-2019-19616MedDec 6, 2019
    risk 0.28cvss 4.3epss 0.01

    An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the…

  • CVE-2019-1413MedNov 12, 2019
    risk 0.28cvss 4.3epss 0.01

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.

  • CVE-2019-1357MedOct 10, 2019
    risk 0.28cvss 4.3epss 0.02

    A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.

  • CVE-2019-0608MedOct 10, 2019
    risk 0.28cvss 4.3epss 0.02

    A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.

  • CVE-2019-1220MedSep 11, 2019
    risk 0.28cvss 4.3epss 0.04

    A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.

  • CVE-2019-1204MedAug 14, 2019
    risk 0.28cvss 4.3epss 0.04

    An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a…

  • CVE-2019-1192MedAug 14, 2019
    risk 0.28cvss 4.3epss 0.04

    A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An…

  • CVE-2019-1172MedAug 14, 2019
    risk 0.28cvss 4.3epss 0.04

    An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would…

  • CVE-2019-1030MedAug 14, 2019
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability,…

  • CVE-2019-0920MedJun 12, 2019
    risk 0.28cvss 4.3epss 0.06

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who…

  • CVE-2019-0762MedApr 9, 2019
    risk 0.28cvss 4.3epss 0.04

    A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.

  • CVE-2019-0654MedMar 5, 2019
    risk 0.28cvss 4.3epss 0.03

    A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing Vulnerability'.

  • CVE-2019-0643MedMar 5, 2019
    risk 0.28cvss 4.3epss 0.05

    An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.

  • CVE-2018-8604MedDec 12, 2018
    risk 0.28cvss 4.3epss 0.03

    A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8580MedDec 12, 2018
    risk 0.28cvss 4.3epss 0.04

    An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability."…

  • CVE-2018-8578MedNov 14, 2018
    risk 0.28cvss 4.3epss 0.05

    An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

  • CVE-2018-8564MedNov 14, 2018
    risk 0.28cvss 4.3epss 0.03

    A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

  • CVE-2018-8545MedNov 14, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.

  • CVE-2018-8530MedOct 10, 2018
    risk 0.28cvss 4.3epss 0.06

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.

  • CVE-2018-8320MedOct 10, 2018
    risk 0.28cvss 4.3epss 0.05

    A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008…

  • CVE-2018-8425MedSep 13, 2018
    risk 0.28cvss 4.3epss 0.03

    A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

  • CVE-2018-8388MedAug 15, 2018
    risk 0.28cvss 4.3epss 0.04

    A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.

  • CVE-2018-8383MedAug 15, 2018
    risk 0.28cvss 4.3epss 0.06

    A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.

  • CVE-2018-8374MedAug 15, 2018
    risk 0.28cvss 4.3epss 0.03

    A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8358MedAug 15, 2018
    risk 0.28cvss 4.3epss 0.05

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

  • CVE-2018-8325MedJul 11, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8324.

  • CVE-2018-8235MedJun 14, 2018
    risk 0.28cvss 4.3epss 0.03

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

  • CVE-2018-8234MedJun 14, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871.

  • CVE-2018-0871MedJun 14, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234.

  • CVE-2018-8123MedMay 9, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.

  • CVE-2018-8112MedMay 9, 2018
    risk 0.28cvss 4.3epss 0.03

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

  • CVE-2018-1025MedMay 9, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.

  • CVE-2018-1021MedMay 9, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.

  • CVE-2018-1037MedApr 12, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

  • CVE-2018-0998MedApr 12, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.

  • CVE-2018-0989MedApr 12, 2018
    risk 0.28cvss 4.3epss 0.05

    An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE…

  • CVE-2018-0987MedApr 12, 2018
    risk 0.28cvss 4.3epss 0.06

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.…

  • CVE-2018-0892MedApr 12, 2018
    risk 0.28cvss 4.3epss 0.05

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998.

  • CVE-2018-0932MedMar 14, 2018
    risk 0.28cvss 4.3epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows…

  • CVE-2018-0929MedMar 14, 2018
    risk 0.28cvss 4.3epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles…

  • CVE-2018-0927MedMar 14, 2018
    risk 0.28cvss 4.3epss 0.05

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows…

  • CVE-2018-0855MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.06

    The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This…

  • CVE-2018-0847MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects…

  • CVE-2018-0839MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763.

  • CVE-2018-0771MedFeb 15, 2018
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".

  • CVE-2018-0803MedJan 4, 2018
    risk 0.28cvss 4.2epss 0.04

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of…

  • CVE-2017-11844MedNov 15, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".…

  • CVE-2017-11803MedNov 15, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".…

  • CVE-2017-11794MedOct 13, 2017
    risk 0.28cvss 4.3epss 0.05

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726…

Page 195 of 287