Vulnerabilities (CVE)

Vendor filter

Microsoft Subscribe

Filter

6649 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1126 1 Microsoft 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 2019-07-22 5.0
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted...
CVE-2019-1084 1 Microsoft 9 Exchange Server, Lync, Lync Basic and 6 more 2019-07-22 4.0
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display...
CVE-2019-0975 1 Microsoft 2 Windows Server 2016, Windows Server 2019 2019-07-22 6.8
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to...
CVE-2019-0865 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-07-22 5.0
A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature.An attacker could exploit the vulnerability by creating a specially crafted connection or message.The security update addresses the...
CVE-2019-1137 1 Microsoft 1 Exchange Server 2019-07-19 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
CVE-2019-1089 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-07-19 7.2
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The...
CVE-2019-1072 1 Microsoft 2 Team Foundation Server, Azure Devops Server 2019-07-19 7.5
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
CVE-2019-1102 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-07-19 9.3
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2019-1134 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2019-07-19 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
CVE-2019-1109 1 Microsoft 2 Office, Office 365 2019-07-19 6.4
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office...
CVE-2019-1132 1 Microsoft 2 Windows 7, Windows Server 2008 2019-07-19 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
CVE-2019-0962 1 Microsoft 1 Azure Automation 2019-07-19 4.0
An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.
CVE-2019-0785 1 Microsoft 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 2019-07-19 7.5
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
CVE-2019-1006 1 Microsoft 13 .net Framework, Identitymodel, Sharepoint Enterprise Server and 10 more 2019-07-19 5.0
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
CVE-2019-1136 1 Microsoft 1 Exchange Server 2019-07-19 5.1
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
CVE-2019-1075 1 Microsoft 1 Asp.net Core 2019-07-19 5.8
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
CVE-2019-1082 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-07-19 7.2
An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL.An attacker who successfully exploited this vulnerability could potentially...
CVE-2019-1113 1 Microsoft 2 .net Framework, Visual Studio 2017 2019-07-19 6.8
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka...
CVE-2019-0811 1 Microsoft 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 2019-07-19 5.0
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'.
CVE-2019-0887 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-07-19 8.5
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.