VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2018-1010HigApr 12, 2018
    risk 0.60cvss 8.8epss 0.40

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2017-0290HigMay 9, 2017
    risk 0.60cvss 7.8epss 0.77

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2016-7272HigDec 20, 2016
    risk 0.60cvss 8.8epss 0.39

    The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2016-3345HigSep 14, 2016
    risk 0.60cvss 8.8epss 0.32

    The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka…

  • CVE-2016-3312CriAug 9, 2016
    risk 0.60cvss 9.1epss 0.10

    ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."

  • CVE-2016-3211HigJun 16, 2016
    risk 0.60cvss 8.8epss 0.32

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and…

  • CVE-2016-0041HigFeb 10, 2016
    risk 0.60cvss 7.8epss 0.84

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a…

  • CVE-2013-0810HigSep 11, 2013
    risk 0.60cvss 8.1epss 0.60

    Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

  • CVE-2013-0022CriFeb 13, 2013
    risk 0.60cvss 9.0epss 0.17

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."

  • CVE-2012-4787CriDec 12, 2012
    risk 0.60cvss 9.0epss 0.18

    Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free…

  • CVE-2010-3328HigOct 13, 2010
    risk 0.60cvss 8.8epss 0.32

    Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption…

  • CVE-2010-0248HigJan 22, 2010
    risk 0.60cvss 8.1epss 0.53

    Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object…

  • CVE-2009-0231HigJul 15, 2009
    risk 0.60cvss 8.8epss 0.37

    The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers…

  • CVE-2009-1532HigJun 10, 2009
    risk 0.60cvss 8.8epss 0.37

    Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references"…

  • CVE-2009-0554HigApr 15, 2009
    risk 0.60cvss 8.8epss 0.32

    Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an…

  • CVE-2009-0244HigJan 21, 2009
    risk 0.60cvss 8.8epss 0.30

    Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and…

  • CVE-2008-3475HigOct 15, 2008
    risk 0.60cvss 8.8epss 0.40

    Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka…

  • CVE-2008-1083HigApr 8, 2008
    risk 0.60cvss 8.1epss 0.57

    Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers…

  • CVE-2008-0077HigFeb 12, 2008
    risk 0.60cvss 8.8epss 0.37

    Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory…

  • CVE-1999-0511CriJan 1, 1997
    risk 0.60cvss 9.1epss 0.07

    IP forwarding is enabled on a machine which is not a router or firewall.

  • CVE-2026-45602CriJun 9, 2026
    risk 0.59cvss 9.1epss 0.00

    No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-48579CriJun 4, 2026
    risk 0.59cvss 9.1epss 0.01

    Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-33843CriMay 22, 2026
    risk 0.59cvss 9.1epss 0.00

    Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-42833CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

  • CVE-2026-41103CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.05

    Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-33844CriMay 7, 2026
    risk 0.59cvss 9.0epss 0.01

    Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.

  • CVE-2026-40372CriApr 21, 2026
    risk 0.59cvss 9.1epss 0.11

    Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-26149CriApr 14, 2026
    risk 0.59cvss 9.0epss 0.01

    Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-32211CriApr 3, 2026
    risk 0.59cvss 9.1epss 0.01

    Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

  • CVE-2022-41106HigNov 9, 2022
    risk 0.59cvss 8.8epss 0.02

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2018-8504HigOct 10, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office,…

  • CVE-2018-8502HigOct 10, 2018
    risk 0.59cvss 8.8epss 0.20

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

  • CVE-2018-8501HigOct 10, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft…

  • CVE-2018-8494HigOct 10, 2018
    risk 0.59cvss 8.8epss 0.22

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,…

  • CVE-2018-8332HigSep 13, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows…

  • CVE-2018-8376HigAug 15, 2018
    risk 0.59cvss 8.8epss 0.18

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.

  • CVE-2018-8350HigAug 15, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

  • CVE-2018-8349HigAug 15, 2018
    risk 0.59cvss 8.8epss 0.23

    A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server…

  • CVE-2018-8346HigAug 15, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from…

  • CVE-2018-8344HigAug 15, 2018
    risk 0.59cvss 8.8epss 0.22

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-8311HigJul 11, 2018
    risk 0.59cvss 8.8epss 0.17

    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

  • CVE-2018-8176HigMay 23, 2018
    risk 0.59cvss 8.8epss 0.22

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.

  • CVE-2018-8115HigMay 2, 2018
    risk 0.59cvss 8.6epss 0.33

    A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host…

  • CVE-2018-1030HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.24

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026.

  • CVE-2018-1028HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft…

  • CVE-2018-1016HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.23

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-1015HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.23

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-1013HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.23

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-1012HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.23

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-1004HigApr 12, 2018
    risk 0.59cvss 8.8epss 0.19

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server…

Page 6 of 284