VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2017-11790MedOct 13, 2017
    risk 0.28cvss 4.3epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's…

  • CVE-2017-8754MedSep 13, 2017
    risk 0.28cvss 4.2epss 0.03

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents,…

  • CVE-2017-8739MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

  • CVE-2017-8735MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.04

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability".…

  • CVE-2017-8733MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.05

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a…

  • CVE-2017-8724MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.04

    Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from…

  • CVE-2017-8723MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.04

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents,…

  • CVE-2017-8648MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from…

  • CVE-2017-8643MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure…

  • CVE-2017-8597MedSep 13, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique…

  • CVE-2017-8662MedAug 8, 2017
    risk 0.28cvss 4.3epss 0.06

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652.

  • CVE-2017-8523MedJun 15, 2017
    risk 0.28cvss 4.3epss 0.01

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser…

  • CVE-2017-8504MedJun 15, 2017
    risk 0.28cvss 4.3epss 0.05

    Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID…

  • CVE-2017-8498MedJun 15, 2017
    risk 0.28cvss 4.3epss 0.05

    Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This…

  • CVE-2017-0231MedMay 12, 2017
    risk 0.28cvss 4.3epss 0.04

    A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."

  • CVE-2017-0203MedApr 12, 2017
    risk 0.28cvss 4.3epss 0.04

    A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass…

  • CVE-2017-0192MedApr 12, 2017
    risk 0.28cvss 4.3epss 0.06

    The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive…

  • CVE-2017-0135MedMar 17, 2017
    risk 0.28cvss 4.2epss 0.08

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

  • CVE-2025-21214MedJan 14, 2025
    risk 0.27cvss 4.2epss 0.01

    Windows BitLocker Information Disclosure Vulnerability

  • CVE-2025-21210MedJan 14, 2025
    risk 0.27cvss 4.2epss 0.01

    Windows BitLocker Information Disclosure Vulnerability

  • CVE-2024-38143MedAug 13, 2024
    risk 0.27cvss 4.2epss 0.02

    Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

  • CVE-2024-0912MedJun 6, 2024
    risk 0.27cvss 4.2epss 0.00

    Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions

  • CVE-2024-28922MedApr 9, 2024
    risk 0.27cvss 4.1epss 0.01

    Secure Boot Security Feature Bypass Vulnerability

  • CVE-2024-29049MedApr 4, 2024
    risk 0.27cvss 4.1epss 0.01

    Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

  • CVE-2024-21304MedFeb 13, 2024
    risk 0.27cvss 4.1epss 0.00

    Trusted Compute Base Elevation of Privilege Vulnerability

  • CVE-2023-36559MedOct 13, 2023
    risk 0.27cvss 4.2epss 0.01

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  • CVE-2022-29127MedMay 10, 2022
    risk 0.27cvss 4.2epss 0.01

    BitLocker Security Feature Bypass Vulnerability

  • CVE-2022-24466MedMay 10, 2022
    risk 0.27cvss 4.1epss 0.01

    Windows Hyper-V Security Feature Bypass Vulnerability

  • CVE-2022-21931MedJan 11, 2022
    risk 0.27cvss 4.2epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2022-21930MedJan 11, 2022
    risk 0.27cvss 4.2epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2021-43221MedNov 24, 2021
    risk 0.27cvss 4.2epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2021-42279MedNov 10, 2021
    risk 0.27cvss 4.2epss 0.02

    Chakra Scripting Engine Memory Corruption Vulnerability

  • CVE-2021-41363MedOct 13, 2021
    risk 0.27cvss 4.2epss 0.00

    Intune Management Extension Security Feature Bypass Vulnerability

  • CVE-2021-31171MedMay 11, 2021
    risk 0.27cvss 4.1epss 0.01

    Microsoft SharePoint Information Disclosure Vulnerability

  • CVE-2021-28316MedApr 13, 2021
    risk 0.27cvss 4.2epss 0.01

    Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability

  • CVE-2021-1705MedJan 12, 2021
    risk 0.27cvss 4.2epss 0.02

    Microsoft Edge (HTML-based) Memory Corruption Vulnerability

  • CVE-2020-16942MedOct 16, 2020
    risk 0.27cvss 4.1epss 0.01

    An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the…

  • CVE-2020-16941MedOct 16, 2020
    risk 0.27cvss 4.1epss 0.01

    An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the…

  • CVE-2020-16884MedSep 11, 2020
    risk 0.27cvss 4.2epss 0.02

    A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of…

  • CVE-2020-1566MedAug 17, 2020
    risk 0.27cvss 4.2epss 0.02

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…

  • CVE-2020-0663MedFeb 11, 2020
    risk 0.27cvss 4.2epss 0.02

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a…

  • CVE-2019-1167MedJul 19, 2019
    risk 0.27cvss 4.1epss 0.01

    A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.

  • CVE-2019-1081MedJun 12, 2019
    risk 0.27cvss 4.2epss 0.02

    An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a…

  • CVE-2019-1002MedJun 12, 2019
    risk 0.27cvss 4.2epss 0.02

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…

  • CVE-2018-8435MedSep 13, 2018
    risk 0.27cvss 4.2epss 0.01

    A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2016-3325LowSep 14, 2016
    risk 0.27cvss 3.1epss 0.54

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2025-49728MedSep 16, 2025
    risk 0.26cvss 4.0epss 0.00

    Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2025-29839MedMay 13, 2025
    risk 0.26cvss 4.0epss 0.00

    Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

  • CVE-2021-36943MedAug 12, 2021
    risk 0.26cvss 4.0epss 0.01

    Azure CycleCloud Elevation of Privilege Vulnerability

  • CVE-2020-1033MedSep 11, 2020
    risk 0.26cvss 4.0epss 0.01

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could…

Page 196 of 287