Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23272 | Hig | 0.53 | 8.1 | 0.03 | Feb 9, 2022 | Microsoft Dynamics GP Elevation Of Privilege Vulnerability | ||
| CVE-2022-23256 | Hig | 0.53 | 8.1 | 0.02 | Feb 9, 2022 | Azure Data Explorer Spoofing Vulnerability | ||
| CVE-2022-21991 | Hig | 0.53 | 8.1 | 0.02 | Feb 9, 2022 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | ||
| CVE-2022-21893 | Hig | 0.53 | 8.0 | 0.07 | Jan 11, 2022 | Remote Desktop Protocol Remote Code Execution Vulnerability | ||
| CVE-2021-43217 | Hig | 0.53 | 8.1 | 0.06 | Dec 15, 2021 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | ||
| CVE-2021-42310 | Hig | 0.53 | 8.1 | 0.02 | Dec 15, 2021 | Microsoft Defender for IoT Remote Code Execution Vulnerability | ||
| CVE-2021-42306 | Hig | 0.53 | 8.1 | 0.03 | Nov 24, 2021 | An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a… | ||
| CVE-2021-41344 | Hig | 0.53 | 8.1 | 0.06 | Oct 13, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-26435 | Hig | 0.53 | 8.1 | 0.05 | Sep 15, 2021 | Windows Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2021-36958 | Hig | 0.53 | 7.8 | 0.32 | Aug 12, 2021 | A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install… | ||
| CVE-2021-34524 | Hig | 0.53 | 8.1 | 0.03 | Aug 12, 2021 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | ||
| CVE-2021-34520 | Hig | 0.53 | 8.1 | 0.03 | Jul 14, 2021 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2021-34492 | Hig | 0.53 | 8.1 | 0.02 | Jul 14, 2021 | Windows Certificate Spoofing Vulnerability | ||
| CVE-2021-33786 | Hig | 0.53 | 8.1 | 0.02 | Jul 14, 2021 | Windows LSA Security Feature Bypass Vulnerability | ||
| CVE-2021-33781 | Hig | 0.53 | 8.1 | 0.02 | Jul 14, 2021 | Azure AD Security Feature Bypass Vulnerability | ||
| CVE-2021-33779 | Hig | 0.53 | 8.1 | 0.02 | Jul 14, 2021 | Windows AD FS Security Feature Bypass Vulnerability | ||
| CVE-2021-33767 | Hig | 0.53 | 8.2 | 0.01 | Jul 14, 2021 | Open Enclave SDK Elevation of Privilege Vulnerability | ||
| CVE-2021-31980 | Hig | 0.53 | 8.1 | 0.03 | Jun 8, 2021 | Microsoft Intune Management Extension Remote Code Execution Vulnerability | ||
| CVE-2021-31950 | Hig | 0.53 | 7.6 | 0.05 | Jun 8, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-28460 | Hig | 0.53 | 8.1 | 0.00 | Apr 13, 2021 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2021-28445 | Hig | 0.53 | 8.1 | 0.03 | Apr 13, 2021 | Windows Network File System Remote Code Execution Vulnerability | ||
| CVE-2021-24112 | Hig | 0.53 | 8.1 | 0.03 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2021-24086 | Hig | 0.53 | 7.5 | 0.59 | Feb 25, 2021 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2021-1722 | Hig | 0.53 | 8.1 | 0.02 | Feb 25, 2021 | Windows Fax Service Remote Code Execution Vulnerability | ||
| CVE-2020-17118 | Hig | 0.53 | 8.1 | 0.04 | Dec 10, 2020 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2020-16970 | Hig | 0.53 | 8.1 | 0.01 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-1400 | Hig | 0.53 | 7.8 | 0.24 | Jul 14, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407. | ||
| CVE-2020-1349 | Hig | 0.53 | 7.8 | 0.23 | Jul 14, 2020 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'. | ||
| CVE-2020-1056 | Hig | 0.53 | 8.1 | 0.03 | May 21, 2020 | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a… | ||
| CVE-2020-1022 | Hig | 0.53 | 8.0 | 0.07 | Apr 15, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. | ||
| CVE-2020-0905 | Hig | 0.53 | 8.0 | 0.11 | Mar 12, 2020 | An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. | ||
| CVE-2020-0692 | Hig | 0.53 | 8.1 | 0.03 | Feb 11, 2020 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | ||
| CVE-2020-0665 | Hig | 0.53 | 8.1 | 0.04 | Feb 11, 2020 | An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1448 | Hig | 0.53 | 7.8 | 0.28 | Nov 12, 2019 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | ||
| CVE-2019-1424 | Hig | 0.53 | 8.1 | 0.03 | Nov 12, 2019 | A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'. | ||
| CVE-2019-1234 | Hig | 0.53 | 7.5 | 0.58 | Nov 12, 2019 | A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | ||
| CVE-2019-1311 | Hig | 0.53 | 7.8 | 0.34 | Oct 10, 2019 | A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'. | ||
| CVE-2019-1136 | Hig | 0.53 | 8.1 | 0.03 | Jul 15, 2019 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | ||
| CVE-2019-0734 | Hig | 0.53 | 8.1 | 0.04 | May 16, 2019 | An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this… | ||
| CVE-2019-0728 | Hig | 0.53 | 7.8 | 0.28 | Mar 5, 2019 | A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. | ||
| CVE-2018-8587 | Hig | 0.53 | 7.8 | 0.29 | Dec 12, 2018 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. | ||
| CVE-2018-12368 | Hig | 0.53 | 8.1 | 0.05 | Oct 18, 2018 | Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an… | ||
| CVE-2018-8495 | Hig | 0.53 | 7.5 | 0.56 | Oct 10, 2018 | A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2018-8423 | Hig | 0.53 | 7.8 | 0.33 | Oct 10, 2018 | A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server… | ||
| CVE-2018-8430 | Hig | 0.53 | 7.8 | 0.23 | Sep 13, 2018 | A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office. | ||
| CVE-2018-8392 | Hig | 0.53 | 7.8 | 0.23 | Sep 13, 2018 | A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,… | ||
| CVE-2018-8172 | Hig | 0.53 | 7.8 | 0.31 | Jul 11, 2018 | A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | ||
| CVE-2018-8210 | Hig | 0.53 | 7.8 | 0.25 | Jun 14, 2018 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10… | ||
| CVE-2018-8162 | Hig | 0.53 | 7.8 | 0.23 | May 9, 2018 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from… | ||
| CVE-2018-8158 | Hig | 0.53 | 7.8 | 0.23 | May 9, 2018 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157,… |
- risk 0.53cvss 8.1epss 0.03
Microsoft Dynamics GP Elevation Of Privilege Vulnerability
- risk 0.53cvss 8.1epss 0.02
Azure Data Explorer Spoofing Vulnerability
- risk 0.53cvss 8.1epss 0.02
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
- risk 0.53cvss 8.0epss 0.07
Remote Desktop Protocol Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.06
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.02
Microsoft Defender for IoT Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.03
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a…
- risk 0.53cvss 8.1epss 0.06
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.05
Windows Scripting Engine Memory Corruption Vulnerability
- risk 0.53cvss 7.8epss 0.32
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…
- risk 0.53cvss 8.1epss 0.03
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.03
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.02
Windows Certificate Spoofing Vulnerability
- risk 0.53cvss 8.1epss 0.02
Windows LSA Security Feature Bypass Vulnerability
- risk 0.53cvss 8.1epss 0.02
Azure AD Security Feature Bypass Vulnerability
- risk 0.53cvss 8.1epss 0.02
Windows AD FS Security Feature Bypass Vulnerability
- risk 0.53cvss 8.2epss 0.01
Open Enclave SDK Elevation of Privilege Vulnerability
- risk 0.53cvss 8.1epss 0.03
Microsoft Intune Management Extension Remote Code Execution Vulnerability
- risk 0.53cvss 7.6epss 0.05
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.53cvss 8.1epss 0.00
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.03
Windows Network File System Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.03
.NET Core Remote Code Execution Vulnerability
- risk 0.53cvss 7.5epss 0.59
Windows TCP/IP Denial of Service Vulnerability
- risk 0.53cvss 8.1epss 0.02
Windows Fax Service Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.04
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.53cvss 7.8epss 0.24
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.
- risk 0.53cvss 7.8epss 0.23
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
- risk 0.53cvss 8.1epss 0.03
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a…
- risk 0.53cvss 8.0epss 0.07
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
- risk 0.53cvss 8.0epss 0.11
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
- risk 0.53cvss 8.1epss 0.03
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
- risk 0.53cvss 8.1epss 0.04
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.
- risk 0.53cvss 7.8epss 0.28
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- risk 0.53cvss 8.1epss 0.03
A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.
- risk 0.53cvss 7.5epss 0.58
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
- risk 0.53cvss 7.8epss 0.34
A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.
- risk 0.53cvss 8.1epss 0.03
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
- risk 0.53cvss 8.1epss 0.04
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this…
- risk 0.53cvss 7.8epss 0.28
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
- risk 0.53cvss 7.8epss 0.29
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
- risk 0.53cvss 8.1epss 0.05
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an…
- risk 0.53cvss 7.5epss 0.56
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.53cvss 7.8epss 0.33
A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server…
- risk 0.53cvss 7.8epss 0.23
A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.
- risk 0.53cvss 7.8epss 0.23
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,…
- risk 0.53cvss 7.8epss 0.31
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
- risk 0.53cvss 7.8epss 0.25
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10…
- risk 0.53cvss 7.8epss 0.23
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from…
- risk 0.53cvss 7.8epss 0.23
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157,…
Page 47 of 287