VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2019-1192Aug 14, 2019
    risk 0.00cvss epss 0.04

    A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An…

  • CVE-2019-1190Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1188Aug 14, 2019
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured…

  • CVE-2019-1187Aug 14, 2019
    risk 0.00cvss epss 0.03

    A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this…

  • CVE-2019-1186Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1185Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1180Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1179Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1178Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1177Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run…

  • CVE-2019-1175Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1171Aug 14, 2019
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log…

  • CVE-2019-1162Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then…

  • CVE-2019-1161Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could…

  • CVE-2019-1159Aug 14, 2019
    risk 0.00cvss epss 0.12

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…

  • CVE-2019-1158Aug 14, 2019
    risk 0.00cvss epss 0.02

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an…

  • CVE-2019-1169Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;…

  • CVE-2019-1168Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then…

  • CVE-2019-1164Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…

  • CVE-2019-1174Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1154Aug 14, 2019
    risk 0.00cvss epss 0.02

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an…

  • CVE-2019-1157Aug 14, 2019
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2019-1163Aug 14, 2019
    risk 0.00cvss epss 0.01

    A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify…

  • CVE-2019-1173Aug 14, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1078Aug 14, 2019
    risk 0.00cvss epss 0.02

    An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could…

  • CVE-2019-1057Aug 14, 2019
    risk 0.00cvss epss 0.03

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,…

  • CVE-2019-0723Aug 14, 2019
    risk 0.00cvss epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…

  • CVE-2019-0965Aug 14, 2019
    risk 0.00cvss epss 0.01

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…

  • CVE-2019-0720Aug 14, 2019
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a…

  • CVE-2019-1131Aug 14, 2019
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…

  • CVE-2019-1133Aug 14, 2019
    risk 0.00cvss epss 0.03

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker…

  • CVE-2019-1139Aug 14, 2019
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…

  • CVE-2019-1140Aug 14, 2019
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…

  • CVE-2019-1141Aug 14, 2019
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…

  • CVE-2019-1143Aug 14, 2019
    risk 0.00cvss epss 0.02

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an…

  • CVE-2019-0714Aug 14, 2019
    risk 0.00cvss epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…

  • CVE-2019-0718Aug 14, 2019
    risk 0.00cvss epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…

  • CVE-2019-0716Aug 14, 2019
    risk 0.00cvss epss 0.04

    A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected…

  • CVE-2019-0717Aug 14, 2019
    risk 0.00cvss epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…

  • CVE-2019-0715Aug 14, 2019
    risk 0.00cvss epss 0.05

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To…

  • CVE-2019-1137Jul 29, 2019
    risk 0.00cvss epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

  • CVE-2019-1136Jul 29, 2019
    risk 0.00cvss epss 0.03

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

  • CVE-2019-1134Jul 29, 2019
    risk 0.00cvss epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

  • CVE-2019-1126Jul 29, 2019
    risk 0.00cvss epss 0.05

    A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker…

  • CVE-2019-1107Jul 29, 2019
    risk 0.00cvss epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103,…

  • CVE-2019-1106Jul 29, 2019
    risk 0.00cvss epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103,…

  • CVE-2019-1105Jul 29, 2019
    risk 0.00cvss epss 0.02

    A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully…

  • CVE-2019-1104Jul 29, 2019
    risk 0.00cvss epss 0.07

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

  • CVE-2019-1103Jul 29, 2019
    risk 0.00cvss epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106,…

  • CVE-2019-2799Jul 23, 2019
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle ODBC Driver component of Oracle Database Server ***PRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS***. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit…

Page 266 of 284