VYPR

Vendor CVEs

Microsoft

All CVEs

14,318 total · sorted by risk
  • CVE-2021-26876HigMar 11, 2021
    risk 0.57cvss 8.8epss 0.03

    OpenType Font Parsing Remote Code Execution Vulnerability

  • CVE-2021-26865HigMar 11, 2021
    risk 0.57cvss 8.8epss 0.01

    Windows Container Execution Agent Elevation of Privilege Vulnerability

  • CVE-2021-24088HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    Windows Local Spooler Remote Code Execution Vulnerability

  • CVE-2021-24072HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2021-1728HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    System Center Operations Manager Elevation of Privilege Vulnerability

  • CVE-2020-17162HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    Microsoft Windows Security Feature Bypass Vulnerability

  • CVE-2021-1707HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.04

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2021-1701HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.04

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1700HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.04

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1674HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

  • CVE-2021-1673HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1671HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1669HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Windows Remote Desktop Security Feature Bypass Vulnerability

  • CVE-2021-1667HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.04

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1666HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1664HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1660HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2021-1658HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVE-2020-17158HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.03

    Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

  • CVE-2020-17152HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.03

    Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

  • CVE-2020-17147HigDec 10, 2020
    risk 0.57cvss 8.7epss 0.01

    Dynamics CRM Webclient Cross-site Scripting Vulnerability

  • CVE-2020-17121HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.03

    Microsoft SharePoint Remote Code Execution Vulnerability

  • CVE-2020-1080HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability…

  • CVE-2020-16946HigOct 16, 2020
    risk 0.57cvss 8.7epss 0.01

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-16945HigOct 16, 2020
    risk 0.57cvss 8.7epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-16944HigOct 16, 2020
    risk 0.57cvss 8.7epss 0.01

    This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint…

  • CVE-2020-16891HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…

  • CVE-2020-1012HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.04

    An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the…

  • CVE-2020-0761HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.04

    A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…

  • CVE-2020-0718HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.04

    A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…

  • CVE-2020-1313HigJun 9, 2020
    risk 0.57cvss 7.8epss 0.40

    An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.

  • CVE-2020-1295HigJun 9, 2020
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

  • CVE-2020-1255HigJun 9, 2020
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

  • CVE-2020-1178HigJun 9, 2020
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.

  • CVE-2020-0981HigApr 15, 2020
    risk 0.57cvss 8.8epss 0.01

    A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to…

  • CVE-2020-0792HigFeb 11, 2020
    risk 0.57cvss 8.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745.

  • CVE-2020-0655HigFeb 11, 2020
    risk 0.57cvss 8.0epss 0.66

    A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

  • CVE-2019-1358HigOct 10, 2019
    risk 0.57cvss 7.8epss 0.76

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.

  • CVE-2019-1261HigSep 11, 2019
    risk 0.57cvss 8.8epss 0.02

    A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…

  • CVE-2019-1259HigSep 11, 2019
    risk 0.57cvss 8.8epss 0.01

    A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…

  • CVE-2019-1229HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this…

  • CVE-2019-0958HigMay 16, 2019
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.

  • CVE-2019-0957HigMay 16, 2019
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958.

  • CVE-2018-8631HigDec 12, 2018
    risk 0.57cvss 7.5epss 0.69

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

  • CVE-2018-8413HigOct 10, 2018
    risk 0.57cvss 7.8epss 0.46

    A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012,…

  • CVE-2018-16793HigSep 21, 2018
    risk 0.57cvss 8.6epss 0.11

    Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

  • CVE-2018-16794HigSep 18, 2018
    risk 0.57cvss 8.6epss 0.08

    Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.

  • CVE-2018-8353HigAug 15, 2018
    risk 0.57cvss 7.5epss 0.68

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…

  • CVE-2018-8279HigJul 11, 2018
    risk 0.57cvss 7.5epss 0.71

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,…

  • CVE-2018-8219HigJun 14, 2018
    risk 0.57cvss 8.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Page 35 of 287