VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2017-8538HigMay 26, 2017
    risk 0.58cvss 7.8epss 0.50

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-0252CriMay 15, 2017
    risk 0.58cvss 9.8epss 0.13

    A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.

  • CVE-2017-0223CriMay 15, 2017
    risk 0.58cvss 9.8epss 0.15

    A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

  • CVE-2017-0108HigMar 17, 2017
    risk 0.58cvss 7.8epss 0.50

    The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to…

  • CVE-2017-0070HigMar 17, 2017
    risk 0.58cvss 7.5epss 0.79

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-0002HigJan 10, 2017
    risk 0.58cvss 8.8epss 0.15

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."

  • CVE-2016-7254HigNov 10, 2016
    risk 0.58cvss 8.8epss 0.12

    Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

  • CVE-2016-7253HigNov 10, 2016
    risk 0.58cvss 8.8epss 0.12

    The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

  • CVE-2016-7250HigNov 10, 2016
    risk 0.58cvss 8.8epss 0.12

    Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

  • CVE-2016-7249HigNov 10, 2016
    risk 0.58cvss 8.8epss 0.12

    Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

  • CVE-2016-3357HigSep 14, 2016
    risk 0.58cvss 7.8epss 0.55

    Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server…

  • CVE-2016-3313HigAug 9, 2016
    risk 0.58cvss 7.8epss 0.50

    Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2016-3304HigAug 9, 2016
    risk 0.58cvss 7.8epss 0.51

    The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers…

  • CVE-2016-3303HigAug 9, 2016
    risk 0.58cvss 7.8epss 0.51

    The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers…

  • CVE-2016-4148HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4145HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4140HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-4126HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

  • CVE-2016-3228HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.13

    Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."

  • CVE-2016-0183HigMay 11, 2016
    risk 0.58cvss 8.8epss 0.16

    The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE…

  • CVE-2016-0147HigApr 12, 2016
    risk 0.58cvss 8.8epss 0.16

    Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."

  • CVE-2016-0068HigFeb 18, 2016
    risk 0.58cvss 8.8epss 0.15

    Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.

  • CVE-2016-0071HigFeb 10, 2016
    risk 0.58cvss 8.8epss 0.14

    Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0067HigFeb 10, 2016
    risk 0.58cvss 8.8epss 0.14

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…

  • CVE-2016-0064HigFeb 10, 2016
    risk 0.58cvss 8.8epss 0.14

    Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-0015HigJan 13, 2016
    risk 0.58cvss 7.8epss 0.51

    DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap…

  • CVE-2016-0009HigJan 13, 2016
    risk 0.58cvss 8.8epss 0.16

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."

  • CVE-2011-1265HigJul 13, 2011
    risk 0.58cvss 8.8epss 0.06

    The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth…

  • CVE-2010-0820HigSep 15, 2010
    risk 0.58cvss 8.8epss 0.14

    Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server…

  • CVE-2007-4040HigJul 27, 2007
    risk 0.58cvss 8.8epss 0.13

    Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are…

  • CVE-2026-47653HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-47289HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45648HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

  • CVE-2026-45504HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-45484HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-42985HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-40371HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-32193HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

  • CVE-2026-46414HigMay 27, 2026
    risk 0.57cvss 8.8epss 0.01

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but…

  • CVE-2026-45659HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.03

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-35430HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-45495HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.01

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  • CVE-2026-41109HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-41094HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

  • CVE-2026-41086HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-40420HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40403HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

  • CVE-2026-40365HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-40357HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-35439HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.02

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Page 9 of 284