Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23658 | Hig | 0.56 | 8.6 | 0.01 | Mar 19, 2026 | Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-24302 | Hig | 0.56 | 8.6 | 0.02 | Feb 5, 2026 | Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-62207 | Hig | 0.56 | 8.6 | 0.01 | Nov 20, 2025 | Azure Monitor Elevation of Privilege Vulnerability | ||
| CVE-2025-9491 | Hig | 0.56 | 7.8 | 0.63 | Aug 26, 2025 | Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target… | ||
| CVE-2025-48822 | Hig | 0.56 | 8.6 | 0.01 | Jul 8, 2025 | Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-27737 | Hig | 0.56 | 8.6 | 0.01 | Apr 8, 2025 | Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally. | ||
| CVE-2025-21355 | Hig | 0.56 | 8.6 | 0.01 | Feb 19, 2025 | Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network | ||
| CVE-2024-38190 | Hig | 0.56 | 8.6 | 0.01 | Oct 15, 2024 | Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | ||
| CVE-2024-38206 | Hig | 0.56 | 8.5 | 0.12 | Aug 6, 2024 | An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. | ||
| CVE-2023-36563 | Med | 0.56 | 6.5 | 0.21 | KEV | Oct 10, 2023 | Microsoft WordPad Information Disclosure Vulnerability | |
| CVE-2023-36761 | Med | 0.56 | 6.5 | 0.19 | KEV | Sep 12, 2023 | Microsoft Word Information Disclosure Vulnerability | |
| CVE-2023-28302 | Hig | 0.56 | 7.5 | 0.94 | Apr 11, 2023 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||
| CVE-2023-28288 | Hig | 0.56 | 8.1 | 0.06 | Apr 11, 2023 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2023-21769 | Hig | 0.56 | 7.5 | 0.92 | Apr 11, 2023 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||
| CVE-2023-21758 | Hig | 0.56 | 7.5 | 0.92 | Jan 10, 2023 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | ||
| CVE-2023-21547 | Hig | 0.56 | 7.5 | 0.88 | Jan 10, 2023 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | ||
| CVE-2021-40487 | Hig | 0.56 | 8.1 | 0.46 | Oct 13, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-31977 | Hig | 0.56 | 8.6 | 0.03 | Jun 8, 2021 | Windows Hyper-V Denial of Service Vulnerability | ||
| CVE-2021-28472 | Hig | 0.56 | 7.8 | 0.63 | Apr 13, 2021 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | ||
| CVE-2021-27084 | Hig | 0.56 | 7.8 | 0.61 | Mar 11, 2021 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | ||
| CVE-2021-27083 | Hig | 0.56 | 7.8 | 0.63 | Mar 11, 2021 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | ||
| CVE-2020-17095 | Hig | 0.56 | 8.5 | 0.05 | Dec 10, 2020 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2020-17084 | Hig | 0.56 | 8.5 | 0.04 | Nov 11, 2020 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2020-16951 | Hig | 0.56 | 8.6 | 0.01 | Oct 16, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1460 | Hig | 0.56 | 8.6 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions… | ||
| CVE-2020-1453 | Hig | 0.56 | 8.6 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1452 | Hig | 0.56 | 8.6 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1200 | Hig | 0.56 | 8.6 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-0668 | Hig | 0.56 | 7.8 | 0.26 | Feb 11, 2020 | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. | ||
| CVE-2019-0572 | Hig | 0.56 | 7.8 | 0.25 | Jan 8, 2019 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10… | ||
| CVE-2018-8552 | Hig | 0.56 | 7.5 | 0.51 | Nov 14, 2018 | An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This… | ||
| CVE-2018-8284 | Hig | 0.56 | 8.1 | 0.43 | Jul 11, 2018 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework… | ||
| CVE-2018-0935 | Hig | 0.56 | 7.5 | 0.56 | Mar 14, 2018 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles… | ||
| CVE-2018-0840 | Hig | 0.56 | 7.5 | 0.54 | Feb 15, 2018 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to… | ||
| CVE-2017-11890 | Hig | 0.56 | 7.5 | 0.49 | Dec 12, 2017 | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how… | ||
| CVE-2017-11855 | Hig | 0.56 | 7.5 | 0.48 | Nov 15, 2017 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user… | ||
| CVE-2017-11810 | Hig | 0.56 | 7.5 | 0.54 | Oct 13, 2017 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current… | ||
| CVE-2017-11793 | Hig | 0.56 | 7.5 | 0.49 | Oct 13, 2017 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current… | ||
| CVE-2017-8751 | Hig | 0.56 | 7.5 | 0.50 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from… | ||
| CVE-2017-8734 | Hig | 0.56 | 7.5 | 0.53 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption… | ||
| CVE-2017-8731 | Hig | 0.56 | 7.5 | 0.52 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID… | ||
| CVE-2017-8657 | Hig | 0.56 | 7.5 | 0.55 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka… | ||
| CVE-2017-8635 | Hig | 0.56 | 7.5 | 0.56 | Aug 8, 2017 | Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to… | ||
| CVE-2017-8618 | Hig | 0.56 | 7.5 | 0.58 | Jul 11, 2017 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when… | ||
| CVE-2017-8594 | Hig | 0.56 | 7.5 | 0.50 | Jul 11, 2017 | Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption… | ||
| CVE-2017-0176 | Hig | 0.56 | 8.1 | 0.46 | Jun 22, 2017 | A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote… | ||
| CVE-2017-8496 | Hig | 0.56 | 7.5 | 0.51 | Jun 15, 2017 | Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from… | ||
| CVE-2017-0022 | Med | 0.56 | 6.5 | 0.18 | KEV | Mar 17, 2017 | Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing… | |
| CVE-2017-0004 | Hig | 0.56 | 7.5 | 0.90 | Jan 10, 2017 | The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority… | ||
| CVE-2016-7212 | Hig | 0.56 | 7.8 | 0.70 | Nov 10, 2016 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka… |
- risk 0.56cvss 8.6epss 0.01
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
- risk 0.56cvss 8.6epss 0.02
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.
- risk 0.56cvss 8.6epss 0.01
Azure Monitor Elevation of Privilege Vulnerability
- risk 0.56cvss 7.8epss 0.63
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target…
- risk 0.56cvss 8.6epss 0.01
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- risk 0.56cvss 8.6epss 0.01
Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.
- risk 0.56cvss 8.6epss 0.01
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network
- risk 0.56cvss 8.6epss 0.01
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
- risk 0.56cvss 8.5epss 0.12
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
- risk 0.56cvss 6.5epss 0.21
Microsoft WordPad Information Disclosure Vulnerability
- risk 0.56cvss 6.5epss 0.19
Microsoft Word Information Disclosure Vulnerability
- risk 0.56cvss 7.5epss 0.94
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- risk 0.56cvss 8.1epss 0.06
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.56cvss 7.5epss 0.92
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- risk 0.56cvss 7.5epss 0.92
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- risk 0.56cvss 7.5epss 0.88
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
- risk 0.56cvss 8.1epss 0.46
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.56cvss 8.6epss 0.03
Windows Hyper-V Denial of Service Vulnerability
- risk 0.56cvss 7.8epss 0.63
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
- risk 0.56cvss 7.8epss 0.61
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
- risk 0.56cvss 7.8epss 0.63
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
- risk 0.56cvss 8.5epss 0.05
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.56cvss 8.5epss 0.04
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.56cvss 8.6epss 0.01
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.56cvss 8.6epss 0.04
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions…
- risk 0.56cvss 8.6epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.56cvss 8.6epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.56cvss 8.6epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.56cvss 7.8epss 0.26
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.
- risk 0.56cvss 7.8epss 0.25
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10…
- risk 0.56cvss 7.5epss 0.51
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This…
- risk 0.56cvss 8.1epss 0.43
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework…
- risk 0.56cvss 7.5epss 0.56
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles…
- risk 0.56cvss 7.5epss 0.54
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to…
- risk 0.56cvss 7.5epss 0.49
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how…
- risk 0.56cvss 7.5epss 0.48
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user…
- risk 0.56cvss 7.5epss 0.54
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…
- risk 0.56cvss 7.5epss 0.49
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…
- risk 0.56cvss 7.5epss 0.50
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from…
- risk 0.56cvss 7.5epss 0.53
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption…
- risk 0.56cvss 7.5epss 0.52
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID…
- risk 0.56cvss 7.5epss 0.55
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…
- risk 0.56cvss 7.5epss 0.56
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to…
- risk 0.56cvss 7.5epss 0.58
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when…
- risk 0.56cvss 7.5epss 0.50
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption…
- risk 0.56cvss 8.1epss 0.46
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote…
- risk 0.56cvss 7.5epss 0.51
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from…
- risk 0.56cvss 6.5epss 0.18
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing…
- risk 0.56cvss 7.5epss 0.90
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority…
- risk 0.56cvss 7.8epss 0.70
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka…
Page 37 of 287