Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-8581

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Nov, 2018 | 01:00
Updated At-21 Oct, 2025 | 23:45
Rejected At-
Credits

Microsoft Exchange Server Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Microsoft CorporationMicrosoft
Product:Exchange Server
Added At:03 Mar, 2022
Due At:17 Mar, 2022

Microsoft Exchange Server Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Used in Ransomware

:

Known

CWE

:
N/A

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2018-8581
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Nov, 2018 | 01:00
Updated At:21 Oct, 2025 | 23:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server
Versions
Affected
  • 2010
  • 2013
  • 2016
  • 2019
Problem Types
TypeCWE IDDescription
textN/AElevation of Privilege
Type: text
CWE ID: N/A
Description: Elevation of Privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id/1042141
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/105837
vdb-entry
x_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1042141
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/105837
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id/1042141
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/105837
vdb-entry
x_refsource_BID
x_transferred
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1042141
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/105837
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-noinfoCWE-noinfo Not enough information
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
kev
dateAdded:
2022-03-03
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8581
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2018-8581 added to CISA KEV2022-03-03 00:00:00
Event: CVE-2018-8581 added to CISA KEV
Date: 2022-03-03 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8581
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8581
Resource:
government-resource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Nov, 2018 | 01:29
Updated At:28 Oct, 2025 | 14:12

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-03-032022-03-17Microsoft Exchange Server Privilege Escalation VulnerabilityApply updates per vendor instructions.
Date Added: 2022-03-03
Due Date: 2022-03-17
Vulnerability Name: Microsoft Exchange Server Privilege Escalation Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches

Microsoft Corporation
microsoft
>>exchange_server>>2010
cpe:2.3:a:microsoft:exchange_server:2010:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2013
cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/105837secure@microsoft.com
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042141secure@microsoft.com
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581secure@microsoft.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105837af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042141af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8581134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/105837
Source: secure@microsoft.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1042141
Source: secure@microsoft.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/105837
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1042141
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8581
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

98Records found

CVE-2026-8646
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.34% / 25.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:44
Updated-24 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2026-9006
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.22% / 12.63%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:46
Updated-24 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server is affected by server-side request forgery

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowslinux_kerneliwebsphere_application_serverz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2013-6798
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.85% / 76.56%
||
7 Day CHG~0.00%
Published-16 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationBlackBerry Limited
Product-windowsmac_os_xblackberry_linkn/a
CVE-2020-16971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-3.59% / 88.02%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-09 Jun, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for Java Security Feature Bypass Vulnerability

Azure SDK for Java Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sdk_for_javaAzure SDKAzure SDK for Java
CVE-2013-0013
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-6.35% / 92.80%
||
7 Day CHG~0.00%
Published-09 Jan, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_server_2008windows_vistawindows_8windows_server_2012n/a
CVE-2012-2549
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-10.00% / 95.04%
||
7 Day CHG~0.00%
Published-12 Dec, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0146
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-11.00% / 95.36%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30992
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 39.99%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:42
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect via user-controlled query parameter

Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-30209
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-2.08% / 79.22%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows IIS Server Elevation of Privilege Vulnerability

Windows IIS Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 1809Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2010-2732
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-13.67% / 96.03%
||
7 Day CHG~0.00%
Published-10 Nov, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1409
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-2.98% / 85.64%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CVE-2024-43550
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-1.08% / 60.99%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Channel Spoofing Vulnerability

Windows Secure Channel Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_11_24h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-43456
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.76% / 50.60%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Services Tampering Vulnerability

Windows Remote Desktop Services Tampering Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows Server 2012 R2
CWE ID-CWE-284
Improper Access Control
CVE-2019-1445
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.75% / 50.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverOffice Online Server
CWE ID-CWE-346
Origin Validation Error
CVE-2005-0420
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-25.56% / 97.70%
||
7 Day CHG~0.00%
Published-15 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-21954
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.49% / 70.91%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CVE-2022-26913
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-2.26% / 80.85%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Authentication Information Disclosure Vulnerability

Windows Authentication Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-21817
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-1.96% / 77.93%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:17
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.

Action-Not Available
Vendor-n/aNVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-omniverse_launcherwindowslinux_kerneln/a
CVE-2007-6357
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-15.96% / 96.50%
||
7 Day CHG~0.00%
Published-15 Dec, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-accessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5355
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-16.63% / 96.63%
||
7 Day CHG~0.00%
Published-05 Dec, 2007 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_xpwindows_2000windows_2003_servern/a
CVE-2019-0686
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-5.04% / 91.25%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2010Microsoft Exchange Server 2013Microsoft Exchange Server 2016Microsoft Exchange Server 2019
CVE-2007-3164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-9.85% / 94.98%
||
7 Day CHG~0.00%
Published-11 Jun, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2019-1075
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.64% / 83.75%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_coreASP.NET Core
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2003-1567
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.06% / 97.66%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 00:00
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_servicesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0670
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.46% / 82.48%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0817
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-2.29% / 81.11%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016Microsoft Exchange ServerMicrosoft Exchange Server 2019Microsoft Exchange Server 2013
CWE ID-CWE-19
Not Available
CVE-2007-1898
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.88% / 85.15%
||
7 Day CHG~0.00%
Published-16 May, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

Action-Not Available
Vendor-windriversanta_cruz_operationjetboxn/aApple Inc.Sun Microsystems (Oracle Corporation)Linux Kernel Organization, IncHP Inc.Microsoft Corporation
Product-windows_memac_os_xjetbox_cmssco_unixlinux_kernelwindows_98tru64bsdoshp-uxwindows_98sewindows_ntwindows_xpsolariswindows_2000windows_2003_serverwindows_95n/a
CVE-2018-8512
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.47% / 87.63%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8152
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.28% / 86.95%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8567
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.14% / 86.33%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_serverwindows_10Microsoft Edge
CVE-2018-8247
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.18% / 86.50%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serveroffice_web_appsMicrosoft OfficeMicrosoft Office Online Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8448
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.18% / 86.50%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8278
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-6.41% / 92.85%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10edgeMicrosoft Edge
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-8153
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.22% / 86.68%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-8159
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.28% / 86.95%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4311
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-2.06% / 79.02%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchossafariwindowsicloudiOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-36873
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-1.33% / 67.61%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 18:34
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Spoofing Vulnerability

.NET Framework Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_11_21h2windows_10_22h2windows_server_2022windows_10_1607windows_11_22h2.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 4.8Microsoft .NET Framework 3.5 AND 4.8.1Microsoft .NET Framework 4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 and 4.6.2Microsoft .NET Framework 3.5 AND 4.7.2
CWE ID-CWE-20
Improper Input Validation
CVE-2005-1794
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-16.19% / 96.55%
||
7 Day CHG~0.00%
Published-01 Jun, 2005 | 04:00
Updated-22 May, 2026 | 10:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-remote_desktop_connectionwindows_terminal_services_using_rdpn/a
CVE-2026-35560
Matching Score-8
Assigner-Amazon
ShareView Details
Matching Score-8
Assigner-Amazon
CVSS Score-9.1||CRITICAL
EPSS-0.26% / 17.42%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 20:10
Updated-14 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0.

Action-Not Available
Vendor-amazonAmazonApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelathena_odbcwindowsmacosAmazon Athena ODBC driver
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-35561
Matching Score-8
Assigner-Amazon
ShareView Details
Matching Score-8
Assigner-Amazon
CVSS Score-9.1||CRITICAL
EPSS-0.47% / 37.51%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 20:10
Updated-14 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0.

Action-Not Available
Vendor-amazonAmazonApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelathena_odbcwindowsmacosAmazon Athena ODBC driver
CWE ID-CWE-862
Missing Authorization
CVE-2023-28348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.44% / 35.43%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students.

Action-Not Available
Vendor-faronicsn/aMicrosoft Corporation
Product-windowsinsightn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2004-2694
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-8.56% / 94.41%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-outlook_expressn/a
CVE-2015-6112
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.81% / 84.80%
||
7 Day CHG~0.00%
Published-11 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8530
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.65% / 73.68%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10edgeMicrosoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2017-8650
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.46% / 70.38%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10edgeMicrosoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2017-7153
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.91% / 77.29%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowsicloudn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-0803
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-3.66% / 88.26%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_10Microsoft Edge
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-3105
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-2.89% / 85.17%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-robohelpwindowsAdobe RoboHelp RH2017.0.1 and earlier versions
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-31209
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.63% / 83.64%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 20Microsoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2016 Cumulative Update 19
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2017-11932
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-5.88% / 92.32%
||
7 Day CHG~0.00%
Published-12 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found