Lucene search
K
MscveMost viewed

21761 matches found

Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.35 views

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS1.1AI score0.01326EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.35 views

Windows Event System Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

7.8CVSS4.4AI score0.007EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.35 views

Azure Functions Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...

9.8CVSS2.4AI score0.03123EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.35 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...

5.5CVSS1.7AI score0.01129EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.35 views

Windows Image Acquisition Service Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Image Acquisition WIA Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an...

7.8CVSS3AI score0.01477EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.35 views

Media Foundation Memory Corruption Vulnerability

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

7.8CVSS2.5AI score0.03463EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.35 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

9.3CVSS1.5AI score0.0451EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.35 views

Windows WalletService Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the WalletService handles memory. To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application. The security update addresses the vulnerabilit...

5.5CVSS3.8AI score0.01225EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.35 views

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS1.1AI score0.01414EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.35 views

Microsoft Graphics Components Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...

9.3CVSS3.9AI score0.11685EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.35 views

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

9.3CVSS4.4AI score0.11685EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.35 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS1.8AI score0.11548EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.35 views

Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a speciall...

7.8CVSS3.3AI score0.0098EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/02/11 8:0 a.m.35 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.00962EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/17 8:0 a.m.35 views

Microsoft SharePoint Server Information Disclosure Vulnerability

An information disclosure vulnerability exists in SharePoint Server. An attacker who exploited this vulnerability could read arbitrary files on the server. To exploit the vulnerability, an attacker would need to send a specially crafted request to a susceptible SharePoint Server instance. The...

1.9AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.35 views

Remote Desktop Client Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...

9.3CVSS2.3AI score0.11672EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.35 views

Remote Desktop Protocol Server Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...

7.5CVSS3.6AI score0.07603EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.35 views

Microsoft Graphics Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...

9.3CVSS9.3AI score0.13904EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.35 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this...

7.2CVSS3.8AI score0.70227EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.35 views

XmlLite Runtime Denial of Service Vulnerability

A denial of service vulnerability exists when the XmlLite runtime XmlLite.dll improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by...

5.5CVSS5.2AI score0.03102EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.35 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS3.5AI score0.01045EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.35 views

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...

9.3CVSS8AI score0.11345EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.35 views

Microsoft Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this...

5.5CVSS4.7AI score0.0162EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.35 views

Docker Elevation of Privilege Vulnerability

Summary CVE-2018-15664 describes a vulnerability in the Docker runtime and the underlying community project, Moby wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that th...

7.5CVSS7.2AI score0.03398EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.35 views

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

6.5CVSS1.8AI score0.06645EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.35 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

8.8CVSS1.2AI score0.03316EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.35 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security conte...

8.8CVSS2.1AI score0.09554EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.35 views

Microsoft SharePoint Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...

5.7CVSS0.8AI score0.02461EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.35 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

7.8CVSS2.9AI score0.04139EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.35 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.4523EPSS
Exploits26
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.35 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by entici...

7.8CVSS4.3AI score0.10505EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/03/12 7:0 a.m.35 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.53298EPSS
Exploits10
Microsoft CVE
Microsoft CVE
added 2019/02/12 8:0 a.m.35 views

Microsoft Browser Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve a...

4.3CVSS2.3AI score0.02786EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.35 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

5.8CVSS1.3AI score0.03467EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.35 views

Azure IoT Device Client SDK Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who...

9.3CVSS3.3AI score0.15191EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.35 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.7AI score0.18674EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.35 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.69019EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.35 views

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...

9.3CVSS7.3AI score0.67874EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.35 views

Windows NDIS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the Network Driver Interface Specification NDIS when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to...

7.8CVSS2.7AI score0.01193EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/07/10 7:0 a.m.35 views

Scripting Engine Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard CFG to be bypassed. By itself, the CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction wi...

6.5CVSS1.4AI score0.05257EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.35 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access OWA fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive...

5.8CVSS1.6AI score0.03283EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.35 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.14512EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/04/10 7:0 a.m.35 views

April 2018 Adobe Flash Security Update

This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB18-08: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, and CVE-2018-4937...

9.3CVSS7.7AI score0.29073EPSS
Exploits8
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.35 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an...

4.3CVSS1.3AI score0.05536EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.35 views

ASP.NET Core Cross Site Request Forgery Vulnerabilty

A Cross Site Request Forgery CSRF vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates. An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. As...

6.5CVSS3.2AI score0.03035EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.35 views

Microsoft Office Excel Security Feature Bypass

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in ...

5.5CVSS2.8AI score0.04546EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.35 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.02267EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.35 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

7.6CVSS7.9AI score0.5389EPSS
Exploits4
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.35 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.5AI score0.71272EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.35 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain. To exploit the vulnerability, an...

4.3CVSS2.2AI score0.08439EPSS
Exploits0
Total number of security vulnerabilities5000