Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-1075

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-15 Jul, 2019 | 18:56
Updated At-04 Aug, 2024 | 18:06
Rejected At-
Credits

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:15 Jul, 2019 | 18:56
Updated At:04 Aug, 2024 | 18:06
Rejected At:
▼CVE Numbering Authority (CNA)

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
ASP.NET Core
Versions
Affected
  • 2.1
  • 2.2
Problem Types
TypeCWE IDDescription
textN/ASpoofing
Type: text
CWE ID: N/A
Description: Spoofing
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:15 Jul, 2019 | 19:15
Updated At:19 Jul, 2019 | 15:34

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.1MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.0
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
Microsoft Corporation
microsoft
>>asp.net_core>>2.1
cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>asp.net_core>>2.2
cpe:2.3:a:microsoft:asp.net_core:2.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Primarynvd@nist.gov
CWE ID: CWE-601
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

680Records found
CVE-2010-3813
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.81% / 73.75%
||
7 Day CHG~0.00%
Published-20 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CVE-2021-26418
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.01% / 76.69%
||
7 Day CHG+0.46%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2021-26421
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.67% / 81.77%
||
7 Day CHG+0.89%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business and Lync Spoofing Vulnerability

Skype for Business and Lync Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_serverskype_for_business_serverSkype for Business Server 2015 CU11Microsoft Lync Server 2013 CU10
CVE-2022-26913
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-4.17% / 88.43%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Authentication Information Disclosure Vulnerability

Windows Authentication Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2004-2694
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-17.27% / 94.86%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-outlook_expressn/a
CVE-2015-6112
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-6.98% / 91.25%
||
7 Day CHG~0.00%
Published-11 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-24073
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 66.82%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skype for Business and Lync Spoofing Vulnerability

Skype for Business and Lync Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_serverskype_for_business_serverMicrosoft Lync Server 2013Skype for Business Server 2015 CU 8
CVE-2021-24113
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.85% / 82.62%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CVE-2021-24104
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.15% / 78.11%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:02
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2021-21172
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.42% / 61.33%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCMicrosoft CorporationFedora ProjectDebian GNU/Linux
Product-chromewindowsfedoradebian_linuxChrome
CVE-2012-2549
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-9.14% / 92.49%
||
7 Day CHG~0.00%
Published-12 Dec, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21125
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-6.94% / 91.22%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2003-1567
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-68.99% / 98.59%
||
7 Day CHG~0.00%
Published-15 Jan, 2009 | 00:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_servicesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20444
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 37.68%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmaximo_for_civil_infrastructurelinux_kernelMaximo for Civil Infrastructure
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-1717
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.25% / 79.01%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2021-1641
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-1.25% / 79.01%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:41
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2012-0146
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.8||MEDIUM
EPSS-25.13% / 96.04%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-forefront_unified_access_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4657
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 47.64%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-17 Sep, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4658
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.57%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 20:35
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarissterling_file_gatewaylinux_kernelihp-uxwindowsaixSterling File Gateway
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30209
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-3.19% / 86.67%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows IIS Server Elevation of Privilege Vulnerability

Windows IIS Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 1809Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2022-22477
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 64.88%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24431
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.4||MEDIUM
EPSS-0.31% / 54.01%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:31
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC for macOS Dynamic Library Injection Vulnerability

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-285
Improper Authorization
CVE-2022-21817
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.91% / 75.37%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:17
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.

Action-Not Available
Vendor-n/aNVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-omniverse_launcherwindowslinux_kerneln/a
CVE-2022-21954
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.64% / 70.16%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CVE-2020-1056
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-14.77% / 94.33%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_server_2019windows_10Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows Server 2019Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows Server 2016Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems
CVE-2020-0647
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.79% / 73.46%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverOffice Online Server
CWE ID-CWE-346
Origin Validation Error
CVE-2020-0601
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-94.09% / 99.90%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-29 Oct, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

Action-Not Available
Vendor-GoMicrosoft Corporation
Product-windows_10_1709windows_10_1507windows_10_1909windows_server_1909windows_server_1803windows_10_1903windowswindows_10_1607windows_10_1809windows_server_2019gowindows_server_1903windows_server_2016windows_10_1803Windows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindowsWindows 10 Version 1909 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-0695
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.79% / 73.46%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverOffice Online Server
CWE ID-CWE-346
Origin Validation Error
CVE-2018-0908
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.05% / 77.18%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-identity_managerMicrosoft Identity Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8530
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.53% / 66.66%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2017-8560
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 73.45%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8559
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 73.45%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8551
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 72.85%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-project_serverMicrosoft SharePoint
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8642
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 75.19%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8650
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.72% / 71.98%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2017-7089
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-4.46% / 88.81%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwindowsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0799
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 73.46%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 01:00
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serverMicrosoft Access
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0803
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-3.66% / 87.60%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_10Microsoft Edge
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-7109
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.94% / 75.77%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunestvosiphone_osicloudsafariwindowsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3104
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.28% / 79.24%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-robohelpwindowsAdobe RoboHelp RH2017.0.1 and earlier versions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2929
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-3.87% / 87.96%
||
7 Day CHG~0.00%
Published-24 Jan, 2017 | 07:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-acrobatwindowsAdobe Acrobat Extension for Chrome 15.1.0.3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-11863
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.09% / 77.59%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0055
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.70% / 81.92%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_vistawindows_10IIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-0154
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.99% / 76.46%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_10windows_server_2016Internet Explorer
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-38709
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 58.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 17:15
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-7891
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.92% / 75.60%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-robohelpwindowsAdobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-34469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.83% / 74.18%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2013 Service Pack 1Microsoft Office 2016Microsoft Office 2019
CVE-2021-34492
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.80% / 82.44%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Certificate Spoofing Vulnerability

Windows Certificate Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2020-17063
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.44% / 80.43%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Online Spoofing Vulnerability

Microsoft Office Online Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019
CVE-2020-17060
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.89% / 75.12%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2013 Service Pack 1
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found