VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2013-0006HigJan 9, 2013
    risk 0.59cvss 8.8epss 0.28

    Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

  • CVE-2012-4775HigNov 14, 2012
    risk 0.59cvss 8.8epss 0.22

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."

  • CVE-2012-0175HigJul 10, 2012
    risk 0.59cvss 8.8epss 0.26

    The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command…

  • CVE-2011-3406HigDec 14, 2011
    risk 0.59cvss 8.8epss 0.23

    Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold…

  • CVE-2011-0663HigApr 13, 2011
    risk 0.59cvss 8.8epss 0.26

    Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."

  • CVE-2009-1544HigAug 12, 2009
    risk 0.59cvss 8.8epss 0.21

    Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold,…

  • CVE-2024-43455HigSep 10, 2024
    risk 0.58cvss 8.8epss 0.02

    Windows Remote Desktop Licensing Service Spoofing Vulnerability

  • CVE-2024-30103HigJun 11, 2024
    risk 0.58cvss 8.8epss 0.03

    Microsoft Outlook Remote Code Execution Vulnerability

  • CVE-2022-21840HigJan 11, 2022
    risk 0.58cvss 8.8epss 0.03

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2018-8531HigOct 10, 2018
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.

  • CVE-2018-8500CriOct 10, 2018
    risk 0.58cvss 9.8epss 0.18

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore.

  • CVE-2018-8475HigSep 13, 2018
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows…

  • CVE-2018-8300HigJul 11, 2018
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.

  • CVE-2018-8260HigJul 11, 2018
    risk 0.58cvss 8.8epss 0.15

    A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.

  • CVE-2018-8126HigMay 9, 2018
    risk 0.58cvss 8.8epss 0.05

    A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.

  • CVE-2018-0947HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique…

  • CVE-2018-0944HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0923HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910.…

  • CVE-2018-0921HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910.…

  • CVE-2018-0917HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910.…

  • CVE-2018-0916HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0915HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0914HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0913HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0912HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0911HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0910HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0909HigMar 14, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from…

  • CVE-2018-0790HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique…

  • CVE-2018-0789HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.06

    Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique…

  • CVE-2018-0784HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.07

    ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.

  • CVE-2018-0777HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.78

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0776HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.78

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0770HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.78

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0769HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.79

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0758HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.81

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2017-11936HigDec 12, 2017
    risk 0.58cvss 8.8epss 0.04

    Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

  • CVE-2017-11879HigNov 15, 2017
    risk 0.58cvss 8.8epss 0.09

    ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

  • CVE-2017-11854HigNov 15, 2017
    risk 0.58cvss 8.8epss 0.08

    Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects…

  • CVE-2017-11786HigOct 13, 2017
    risk 0.58cvss 8.8epss 0.09

    Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

  • CVE-2017-8740HigSep 13, 2017
    risk 0.58cvss 7.5epss 0.72

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is…

  • CVE-2017-8729HigSep 13, 2017
    risk 0.58cvss 7.5epss 0.72

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is…

  • CVE-2017-8660HigSep 13, 2017
    risk 0.58cvss 8.8epss 0.10

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…

  • CVE-2017-8658CriAug 11, 2017
    risk 0.58cvss 9.8epss 0.20

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

  • CVE-2017-8664HigAug 8, 2017
    risk 0.58cvss 8.8epss 0.04

    Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating…

  • CVE-2017-8636HigAug 8, 2017
    risk 0.58cvss 7.5epss 0.72

    Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to…

  • CVE-2017-8625HigAug 8, 2017
    risk 0.58cvss 8.8epss 0.15

    Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass…

  • CVE-2017-8569HigJul 11, 2017
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".

  • CVE-2017-9948HigJun 26, 2017
    risk 0.58cvss 8.8epss 0.06

    A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

  • CVE-2017-8541HigMay 26, 2017
    risk 0.58cvss 7.8epss 0.50

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

Page 8 of 284