CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2020-1045 Bypass 2020-09-11 2020-10-02
5.0
None Remote Low Not required None Partial None
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
102 CVE-2020-1031 2020-09-11 2020-09-16
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'.
103 CVE-2020-1018 200 +Info 2020-04-15 2020-04-22
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
104 CVE-2020-0909 20 DoS 2020-05-21 2021-07-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'.
105 CVE-2020-0878 Exec Code Mem. Corr. 2020-09-11 2021-07-21
5.1
None Remote High Not required Partial Partial Partial
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
106 CVE-2020-0876 200 +Info 2020-03-12 2021-07-21
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
107 CVE-2020-0836 20 DoS 2020-09-11 2021-07-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1228.
108 CVE-2020-0813 200 +Info 2020-03-12 2021-07-21
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.
109 CVE-2020-0786 20 DoS 2020-03-12 2021-07-21
5.6
None Local Low Not required None Partial Complete
A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'.
110 CVE-2020-0746 200 +Info 2020-02-11 2021-07-21
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
111 CVE-2020-0695 20 2020-02-11 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.
112 CVE-2020-0661 20 DoS 2020-02-11 2020-02-13
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751.
113 CVE-2020-0660 20 DoS 2020-02-11 2021-07-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
114 CVE-2020-0647 20 2020-01-14 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.
115 CVE-2020-0645 20 2020-03-12 2021-07-21
5.0
None Remote Low Not required None Partial None
A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'.
116 CVE-2020-0612 20 DoS 2020-01-14 2021-07-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.
117 CVE-2020-0611 20 Exec Code 2020-01-14 2021-07-21
5.1
None Remote High Not required Partial Partial Partial
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
118 CVE-2020-0602 400 DoS 2020-01-14 2021-07-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
119 CVE-2020-0601 295 2020-01-14 2020-01-16
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
120 CVE-2019-5917 DoS 2019-03-12 2020-08-24
5.0
None Remote Low Not required None None Partial
azure-umqtt-c (available through GitHub prior to 2017 October 6) allows remote attackers to cause a denial of service via unspecified vectors.
121 CVE-2019-1489 200 +Info 2019-12-10 2019-12-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.
122 CVE-2019-1486 601 2019-12-10 2019-12-16
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.
123 CVE-2019-1453 DoS 2019-12-10 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
124 CVE-2019-1447 346 2019-11-12 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445.
125 CVE-2019-1445 346 2019-11-12 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.
126 CVE-2019-1425 59 2019-11-12 2020-08-24
5.8
None Remote Medium Not required None Partial Partial
An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.
127 CVE-2019-1399 20 DoS 2019-11-12 2019-11-13
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310.
128 CVE-2019-1351 706 2020-01-24 2020-08-24
5.0
None Remote Low Not required None Partial None
A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.
129 CVE-2019-1324 200 +Info 2019-11-12 2019-11-13
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
130 CVE-2019-1317 59 DoS 2019-10-10 2019-10-11
5.6
None Local Low Not required None Partial Complete
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
131 CVE-2019-1301 DoS 2019-09-11 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
132 CVE-2019-1265 Bypass 2019-09-11 2020-08-24
5.0
None Remote Low Not required None Partial None
A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App., aka 'Microsoft Yammer Security Feature Bypass Vulnerability'.
133 CVE-2019-1255 DoS 2019-09-23 2021-09-09
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
134 CVE-2019-1234 290 2019-11-12 2020-02-13
5.0
None Remote Low Not required None Partial None
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
135 CVE-2019-1225 200 +Info 2019-08-14 2019-08-22
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1224.
136 CVE-2019-1224 200 +Info 2019-08-14 2019-08-22
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1225.
137 CVE-2019-1223 DoS 2019-08-14 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
138 CVE-2019-1206 787 DoS Mem. Corr. 2019-08-14 2020-08-24
5.0
None Remote Low Not required None None Partial
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212.
139 CVE-2019-1187 611 DoS 2019-08-14 2019-08-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'.
140 CVE-2019-1136 2019-07-15 2020-08-24
5.1
None Remote High Not required Partial Partial Partial
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
141 CVE-2019-1126 307 Bypass 2019-07-15 2020-08-24
5.0
None Remote Low Not required Partial None None
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975.
142 CVE-2019-1075 601 2019-07-15 2019-07-19
5.8
None Remote Medium Not required Partial Partial None
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
143 CVE-2019-1006 295 Bypass 2019-07-15 2020-08-24
5.0
None Remote Low Not required None Partial None
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
144 CVE-2019-0982 19 DoS 2019-05-16 2019-05-20
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
145 CVE-2019-0981 19 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
146 CVE-2019-0980 19 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
147 CVE-2019-0966 20 DoS 2019-07-15 2019-07-18
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
148 CVE-2019-0941 19 DoS 2019-06-12 2019-06-12
5.0
None Remote Low Not required None None Partial
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.
149 CVE-2019-0928 20 DoS 2019-09-11 2019-09-12
5.5
None Local Network Low ??? None None Complete
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'.
150 CVE-2019-0875 2019-04-09 2020-08-24
5.0
None Remote Low Not required None Partial None
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
Total number of vulnerabilities : 883   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.