Lucene search
K
MscveMost viewed

21727 matches found

Microsoft CVE
Microsoft CVE
added 2019/11/19 8:0 a.m.36 views

Outlook for Android Spoofing Vulnerability

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this...

4.6CVSS3.3AI score0.01445EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.36 views

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

9.3CVSS4.4AI score0.12439EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.36 views

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

5.5CVSS3.8AI score0.06602EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.36 views

Windows Update Client Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability, an authenticated attacke...

5.5CVSS2.4AI score0.02052EPSS
Exploits4
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.36 views

ASP.NET Core Elevation Of Privilege Vulnerability

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security...

8.8CVSS2.1AI score0.04526EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.36 views

Microsoft Yammer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy. This could allow an attacker to perform functions that are restricted by Intune Policy. The security update addresses the vulnerability by correcting the way the poli...

7.5CVSS2.6AI score0.03142EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.36 views

Microsoft Exchange Spoofing Vulnerability

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App OWA fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive...

6.1CVSS1.2AI score0.0185EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.36 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.20455EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.36 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.01883EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.36 views

Dynamics On-Premise Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker...

8.8CVSS2.2AI score0.03454EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.36 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

7CVSS3.3AI score0.00816EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.36 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

7.8CVSS3.3AI score0.11666EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.36 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...

7CVSS3.3AI score0.00712EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.36 views

Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the...

5.4CVSS2AI score0.01627EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.36 views

Microsoft Speech API Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Speech API SAPI improperly handles text-to-speech TTS input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an...

7.8CVSS2.7AI score0.03524EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.36 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

6.5CVSS1.9AI score0.02335EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.36 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.02354EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.36 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging MOTW. Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is...

5.1CVSS1AI score0.01604EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.36 views

.Net Framework and .Net Core Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely,...

7.5CVSS2.9AI score0.04943EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.36 views

MS XML Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could hos...

9.3CVSS4.1AI score0.17217EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.36 views

Azure DevOps Server HTML Injection Vulnerability

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An...

6.1CVSS0.6AI score0.01955EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.36 views

ASP.NET Core Denial of Service Vulnerability

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A...

7.5CVSS3.3AI score0.06972EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/02/12 8:0 a.m.36 views

Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity UMCI policy on the machine. To exploit the vulnerability, an attacker would first...

7.8CVSS2.9AI score0.01335EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/02/12 8:0 a.m.36 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by entici...

9.3CVSS4.3AI score0.14817EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/02/12 8:0 a.m.36 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

8.8CVSS1.2AI score0.03861EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/01/08 8:0 a.m.36 views

Microsoft Outlook Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted emai...

6.5CVSS0.8AI score0.06783EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/01/08 8:0 a.m.36 views

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS0.9AI score0.0207EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.36 views

.NET Framework Remote Code Execution Injection Vulnerability

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new...

10CVSS3.3AI score0.22131EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.36 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.10938EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.36 views

Microsoft SharePoint Information Disclosure Vulnerability

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks a variant of cross-site request forgery, CSRF. When users are simultaneously logged in to Microsoft SharePoint Server and visit a...

4.3CVSS1.5AI score0.043EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.36 views

Windows ALPC Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...

7.8CVSS3AI score0.02696EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.36 views

BitLocker Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. To exploit the vulnerability, an attacker must gain physical...

4.6CVSS2.9AI score0.01021EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.37 views

.NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

6.5CVSS2.3AI score0.07258EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.36 views

Windows TCP/IP Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have ...

7.5CVSS2.1AI score0.08421EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.36 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.02253EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.36 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have t...

5.5CVSS2.7AI score0.01675EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.36 views

Microsoft COM for Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could...

9.3CVSS7.2AI score0.22661EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.36 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.16245EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/07/10 7:0 a.m.36 views

Microsoft SharePoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...

8.8CVSS2.9AI score0.12755EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/06/12 7:0 a.m.36 views

Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the...

7.7CVSS3.3AI score0.07175EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/06/12 7:0 a.m.36 views

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...

5.3CVSS3.6AI score0.01976EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.36 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.20262EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.36 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

9.3CVSS2.5AI score0.15101EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.36 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.5AI score0.15711EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.36 views

StructuredQuery Remote Code Execution Vulnerability

A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative...

8.1CVSS2.4AI score0.16778EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.36 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Offiice parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or crea...

9.3CVSS4.1AI score0.2057EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/12/12 8:0 a.m.36 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...

5.5CVSS1.1AI score0.12588EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.36 views

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attac...

4.3CVSS0.7AI score0.0593EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.36 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.02267EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.36 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy CSP fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypas...

4.3CVSS5.7AI score0.04314EPSS
Exploits0
Total number of security vulnerabilities5000