Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26876 | Hig | 0.57 | 8.8 | 0.03 | Mar 11, 2021 | OpenType Font Parsing Remote Code Execution Vulnerability | ||
| CVE-2021-26865 | Hig | 0.57 | 8.8 | 0.01 | Mar 11, 2021 | Windows Container Execution Agent Elevation of Privilege Vulnerability | ||
| CVE-2021-24088 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | Windows Local Spooler Remote Code Execution Vulnerability | ||
| CVE-2021-24072 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-1728 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | System Center Operations Manager Elevation of Privilege Vulnerability | ||
| CVE-2020-17162 | Hig | 0.57 | 8.8 | 0.02 | Feb 25, 2021 | Microsoft Windows Security Feature Bypass Vulnerability | ||
| CVE-2021-1707 | Hig | 0.57 | 8.8 | 0.04 | Jan 12, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-1701 | Hig | 0.57 | 8.8 | 0.04 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1700 | Hig | 0.57 | 8.8 | 0.04 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1674 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | ||
| CVE-2021-1673 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1671 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1669 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Windows Remote Desktop Security Feature Bypass Vulnerability | ||
| CVE-2021-1667 | Hig | 0.57 | 8.8 | 0.04 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1666 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1664 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1660 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2021-1658 | Hig | 0.57 | 8.8 | 0.03 | Jan 12, 2021 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||
| CVE-2020-17158 | Hig | 0.57 | 8.8 | 0.03 | Dec 10, 2020 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||
| CVE-2020-17152 | Hig | 0.57 | 8.8 | 0.03 | Dec 10, 2020 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||
| CVE-2020-17147 | Hig | 0.57 | 8.7 | 0.01 | Dec 10, 2020 | Dynamics CRM Webclient Cross-site Scripting Vulnerability | ||
| CVE-2020-17121 | Hig | 0.57 | 8.8 | 0.03 | Dec 10, 2020 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2020-1080 | Hig | 0.57 | 8.8 | 0.01 | Oct 16, 2020 | An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability… | ||
| CVE-2020-16946 | Hig | 0.57 | 8.7 | 0.01 | Oct 16, 2020 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-16945 | Hig | 0.57 | 8.7 | 0.02 | Oct 16, 2020 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-16944 | Hig | 0.57 | 8.7 | 0.01 | Oct 16, 2020 | This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint… | ||
| CVE-2020-16891 | Hig | 0.57 | 8.8 | 0.01 | Oct 16, 2020 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating… | ||
| CVE-2020-1012 | Hig | 0.57 | 8.8 | 0.04 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-0761 | Hig | 0.57 | 8.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To… | ||
| CVE-2020-0718 | Hig | 0.57 | 8.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To… | ||
| CVE-2020-1313 | Hig | 0.57 | 7.8 | 0.40 | Jun 9, 2020 | An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. | ||
| CVE-2020-1295 | Hig | 0.57 | 8.8 | 0.03 | Jun 9, 2020 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | ||
| CVE-2020-1255 | Hig | 0.57 | 8.8 | 0.03 | Jun 9, 2020 | An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | ||
| CVE-2020-1178 | Hig | 0.57 | 8.8 | 0.03 | Jun 9, 2020 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'. | ||
| CVE-2020-0981 | Hig | 0.57 | 8.8 | 0.01 | Apr 15, 2020 | A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to… | ||
| CVE-2020-0792 | Hig | 0.57 | 8.8 | 0.01 | Feb 11, 2020 | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745. | ||
| CVE-2020-0655 | Hig | 0.57 | 8.0 | 0.66 | Feb 11, 2020 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | ||
| CVE-2019-1358 | Hig | 0.57 | 7.8 | 0.76 | Oct 10, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359. | ||
| CVE-2019-1261 | Hig | 0.57 | 8.8 | 0.02 | Sep 11, 2019 | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a… | ||
| CVE-2019-1259 | Hig | 0.57 | 8.8 | 0.01 | Sep 11, 2019 | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a… | ||
| CVE-2019-1229 | Hig | 0.57 | 8.8 | 0.03 | Aug 14, 2019 | An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this… | ||
| CVE-2019-0958 | Hig | 0.57 | 8.8 | 0.03 | May 16, 2019 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957. | ||
| CVE-2019-0957 | Hig | 0.57 | 8.8 | 0.03 | May 16, 2019 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958. | ||
| CVE-2018-8631 | Hig | 0.57 | 7.5 | 0.69 | Dec 12, 2018 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | ||
| CVE-2018-8413 | Hig | 0.57 | 7.8 | 0.46 | Oct 10, 2018 | A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012,… | ||
| CVE-2018-16793 | Hig | 0.57 | 8.6 | 0.11 | Sep 21, 2018 | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | ||
| CVE-2018-16794 | Hig | 0.57 | 8.6 | 0.08 | Sep 18, 2018 | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | ||
| CVE-2018-8353 | Hig | 0.57 | 7.5 | 0.68 | Aug 15, 2018 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is… | ||
| CVE-2018-8279 | Hig | 0.57 | 7.5 | 0.71 | Jul 11, 2018 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,… | ||
| CVE-2018-8219 | Hig | 0.57 | 8.8 | 0.01 | Jun 14, 2018 | An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
- risk 0.57cvss 8.8epss 0.03
OpenType Font Parsing Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
Windows Container Execution Agent Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.02
Windows Local Spooler Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
System Center Operations Manager Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.02
Microsoft Windows Security Feature Bypass Vulnerability
- risk 0.57cvss 8.8epss 0.04
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.04
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.04
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
- risk 0.57cvss 8.8epss 0.03
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Windows Remote Desktop Security Feature Bypass Vulnerability
- risk 0.57cvss 8.8epss 0.04
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
- risk 0.57cvss 8.7epss 0.01
Dynamics CRM Webclient Cross-site Scripting Vulnerability
- risk 0.57cvss 8.8epss 0.03
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.01
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability…
- risk 0.57cvss 8.7epss 0.01
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.57cvss 8.7epss 0.02
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.57cvss 8.7epss 0.01
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint…
- risk 0.57cvss 8.8epss 0.01
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…
- risk 0.57cvss 8.8epss 0.04
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the…
- risk 0.57cvss 8.8epss 0.04
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…
- risk 0.57cvss 8.8epss 0.04
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…
- risk 0.57cvss 7.8epss 0.40
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.
- risk 0.57cvss 8.8epss 0.03
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
- risk 0.57cvss 8.8epss 0.03
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
- risk 0.57cvss 8.8epss 0.03
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.
- risk 0.57cvss 8.8epss 0.01
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to…
- risk 0.57cvss 8.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745.
- risk 0.57cvss 8.0epss 0.66
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
- risk 0.57cvss 7.8epss 0.76
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.
- risk 0.57cvss 8.8epss 0.02
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…
- risk 0.57cvss 8.8epss 0.01
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…
- risk 0.57cvss 8.8epss 0.03
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this…
- risk 0.57cvss 8.8epss 0.03
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.
- risk 0.57cvss 8.8epss 0.03
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958.
- risk 0.57cvss 7.5epss 0.69
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
- risk 0.57cvss 7.8epss 0.46
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012,…
- risk 0.57cvss 8.6epss 0.11
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
- risk 0.57cvss 8.6epss 0.08
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
- risk 0.57cvss 7.5epss 0.68
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…
- risk 0.57cvss 7.5epss 0.71
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,…
- risk 0.57cvss 8.8epss 0.01
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Page 35 of 287