CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1369 200 +Info 2019-10-10 2019-10-11
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
2 CVE-2019-1317 59 DoS 2019-10-10 2019-10-11
5.6
None Local Low Not required None Partial Complete
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
3 CVE-2019-1301 20 DoS 2019-09-11 2019-09-12
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
4 CVE-2019-1265 20 Bypass 2019-09-11 2019-09-12
5.0
None Remote Low Not required None Partial None
A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App., aka 'Microsoft Yammer Security Feature Bypass Vulnerability'.
5 CVE-2019-1255 20 DoS 2019-09-23 2019-09-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
6 CVE-2019-1225 200 +Info 2019-08-14 2019-08-22
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1224.
7 CVE-2019-1224 200 +Info 2019-08-14 2019-08-22
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225.
8 CVE-2019-1223 20 DoS 2019-08-14 2019-08-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
9 CVE-2019-1206 119 DoS Overflow Mem. Corr. 2019-08-14 2019-08-20
5.0
None Remote Low Not required None None Partial
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.
10 CVE-2019-1187 611 DoS 2019-08-14 2019-08-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'.
11 CVE-2019-1136 264 2019-07-15 2019-07-19
5.1
None Remote High Not required Partial Partial Partial
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
12 CVE-2019-1126 254 Bypass 2019-07-15 2019-07-22
5.0
None Remote Low Not required Partial None None
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975.
13 CVE-2019-1083 19 DoS 2019-07-15 2019-07-16
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.
14 CVE-2019-1075 601 2019-07-15 2019-07-19
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
15 CVE-2019-1054 254 Bypass 2019-06-12 2019-06-13
5.1
None Remote High Not required Partial Partial Partial
A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
16 CVE-2019-1006 287 Bypass 2019-07-15 2019-07-19
5.0
None Remote Low Not required None Partial None
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
17 CVE-2019-0982 19 DoS 2019-05-16 2019-05-20
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
18 CVE-2019-0981 19 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
19 CVE-2019-0980 19 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
20 CVE-2019-0966 20 DoS 2019-07-15 2019-07-18
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
21 CVE-2019-0941 19 DoS 2019-06-12 2019-06-12
5.0
None Remote Low Not required None None Partial
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.
22 CVE-2019-0928 20 DoS 2019-09-11 2019-09-12
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
23 CVE-2019-0875 264 2019-04-09 2019-07-16
5.0
None Remote Low Not required None Partial None
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
24 CVE-2019-0865 20 DoS 2019-07-15 2019-07-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures., aka 'SymCrypt Denial of Service Vulnerability'.
25 CVE-2019-0820 20 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
26 CVE-2019-0817 19 2019-04-09 2019-04-11
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
27 CVE-2019-0815 19 DoS 2019-04-09 2019-04-10
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
28 CVE-2019-0811 19 DoS 2019-07-15 2019-07-19
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'.
29 CVE-2019-0723 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718.
30 CVE-2019-0718 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0723.
31 CVE-2019-0717 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723.
32 CVE-2019-0715 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.
33 CVE-2019-0714 20 DoS 2019-08-14 2019-08-20
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723.
34 CVE-2019-0713 20 DoS 2019-06-12 2019-06-12
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0711.
35 CVE-2019-0711 20 DoS 2019-06-12 2019-06-12
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0713.
36 CVE-2019-0710 20 DoS 2019-06-12 2019-06-12
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0711, CVE-2019-0713.
37 CVE-2019-0701 20 DoS 2019-04-08 2019-04-09
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695.
38 CVE-2019-0695 20 DoS 2019-04-08 2019-04-09
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701.
39 CVE-2019-0690 20 DoS 2019-04-08 2019-05-08
5.5
None Local Network Low Single system None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701.
40 CVE-2019-0688 200 +Info 2019-04-09 2019-07-09
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
41 CVE-2019-0564 19 DoS 2019-01-08 2019-01-11
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
42 CVE-2019-0548 19 DoS 2019-01-08 2019-01-15
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
43 CVE-2019-0545 200 Bypass +Info 2019-01-08 2019-01-14
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
44 CVE-2018-17612 295 2018-11-09 2019-05-15
5.0
None Remote Low Not required None Partial None
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
45 CVE-2018-16794 918 2018-09-18 2018-11-20
5.0
None Remote Low Not required None Partial None
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
46 CVE-2018-16793 918 2018-09-21 2018-11-20
5.0
None Remote Low Not required None Partial None
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
47 CVE-2018-8581 2018-11-13 2019-10-02
5.8
None Remote Medium Not required Partial Partial None
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
48 CVE-2018-8567 2018-11-13 2019-10-02
5.8
None Remote Medium Not required Partial Partial None
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
49 CVE-2018-8517 20 DoS 2018-12-11 2019-05-08
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
50 CVE-2018-8512 20 Bypass 2018-10-10 2018-12-06
5.8
None Remote Medium Not required Partial Partial None
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.
Total number of vulnerabilities : 798   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.