microsoft vulnerabilities and exploits

NA
CVE-2019-19616

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the...

NA
CVE-2019-3654

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which...

NA
CVE-2019-1460

Microsoft Outlook for Android could allow an authenticated remote attacker to conduct spoofing attacks, caused by improper handling of email messages. By sending specially-crafted email messages, an attacker could exploit this vulnerability to spoof legitimate email and perform...

6.8
CVSSv2
CVE-2010-2731

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory...

MicrosoftInternet Information Server
2.1
CVSSv2
CVE-2015-2433

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application,...

9.3
CVSSv2
CVE-2015-2426

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute...

MicrosoftWindows 10Windows 7Windows 8Windows 8.1Windows RtWindows Rt 8.1Windows Server 2008Windows Server 2012Windows Vista
5.1
CVSSv2
CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT...

MicrosoftWindows 10Windows 7Windows 8.1Windows Rt 8.1Windows Server 2008Windows Server 2012Windows Server 2016
9
CVSSv2
CVE-2019-0719

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from...

4.3
CVSSv2
CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'....

5
CVSSv2
CVE-2019-1234

A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'....

MicrosoftAzure Stack