Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35368

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-08 Aug, 2023 | 17:08
Updated At-27 Feb, 2025 | 21:09
Rejected At-
Credits

Microsoft Exchange Remote Code Execution Vulnerability

Microsoft Exchange Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:08 Aug, 2023 | 17:08
Updated At:27 Feb, 2025 | 21:09
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Exchange Remote Code Execution Vulnerability

Microsoft Exchange Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 13
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.1258.025 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2016 Cumulative Update 23
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.01.0 before 15.01.2507.032 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 12
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.1118.037 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:08 Aug, 2023 | 18:15
Updated At:29 May, 2024 | 02:15

Microsoft Exchange Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1090Records found
CVE-2024-30078
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-28.93% / 96.39%
||
7 Day CHG+2.81%
Published-11 Jun, 2024 | 16:59
Updated-16 Jul, 2025 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Wi-Fi Driver Remote Code Execution Vulnerability

Windows Wi-Fi Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 21H2Windows Server 2022Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 21H2Windows 10 Version 1809Windows Server 2012 R2Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2008 Service Pack 2Windows 10 Version 1607
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36967
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-1.50% / 80.42%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-37973
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-38053
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.63%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:03
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-416
Use After Free
CVE-2011-1265
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.14%
||
7 Day CHG~0.00%
Published-13 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."

Action-Not Available
Vendor-bluetoothn/aMicrosoft Corporation
Product-windows_7bluetooth_stackwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-38148
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.18% / 88.24%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-01 Jan, 2025 | 02:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_server_2022windows_10_22h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 22H2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-35634
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.19% / 40.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Driver Remote Code Execution Vulnerability

Windows Bluetooth Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_11_22h2windows_11_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 version 22H2Windows 11 version 21H2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-28353
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.

Action-Not Available
Vendor-faronicsn/aMicrosoft Corporation
Product-windowsinsightn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-28240
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.75%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Network Load Balancing Remote Code Execution Vulnerability

Windows Network Load Balancing Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2012 R2 (Server Core installation)Windows Server 2022Windows Server 2016Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-28231
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-73.80% / 98.77%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Remote Code Execution Vulnerability

DHCP Server Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2022windows_server_2019windows_server_2008Windows Server 2012 R2 (Server Core installation)Windows Server 2022Windows Server 2016Windows Server 2012Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-24871
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-53.74% / 97.91%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Service Remote Code Execution Vulnerability

Windows Bluetooth Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_22h2windows_11_21h2windows_10_22h2windows_10_20h2windows_server_2022Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 20H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-24947
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.77%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 17:02
Updated-10 Jul, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Bluetooth Driver Remote Code Execution Vulnerability

Windows Bluetooth Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_22h2windows_10_20h2windows_server_2019windows_10_1607Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2019Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CVE-2024-28899
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.82%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2012Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 1607Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2019Windows 11 version 21H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-28349
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.40%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.

Action-Not Available
Vendor-faronicsn/aMicrosoft Corporation
Product-windowsinsightn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2022-41085
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.31%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure CycleCloud Elevation of Privilege Vulnerability

Azure CycleCloud Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cyclecloudAzure CycleCloud 8.0.0Azure CycleCloud 7
CVE-2022-3405
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-9.3||CRITICAL
EPSS-29.61% / 96.45%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 10:49
Updated-03 Feb, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowscyber_backuplinux_kernelAcronis Cyber Protect 15Acronis Cyber Backup 12.5
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-33674
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:38
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_site_recovery_vmware_to_azureAzure Site Recovery VMWare to Azure
CVE-2022-23767
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.11%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 19:50
Updated-03 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SecureGate authentication bypass vulnerability

This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system.

Action-Not Available
Vendor-hanssakHANSSAK Co.,LtdMicrosoft Corporation
Product-securegateweblinkwindowsSecureGateWebLink
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-16898
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-30.68% / 96.56%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows TCP/IP Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.</p> <p>To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.</p> <p>The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows 10 Version 1709Windows 10 Version 1909Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2020-13872
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 18:32
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

Action-Not Available
Vendor-royalappsn/aMicrosoft Corporation
Product-windowsroyal_tsn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-32336
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.39%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 00:57
Updated-27 Jan, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server code execution

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-38147
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.24%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-01 Jan, 2025 | 02:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Miracast Wireless Display Remote Code Execution Vulnerability

Windows Miracast Wireless Display Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-35641
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.22% / 89.56%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-682
Incorrect Calculation
CVE-2023-35315
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.40%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-35630
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows 10 Version 1607Windows 11 version 22H3Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-6746
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-84.32% / 99.27%
||
7 Day CHG+8.63%
Published-15 Jul, 2024 | 12:00
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NaiboWang EasySpider HTTP GET Request server.js path traversal

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet".

Action-Not Available
Vendor-easyspiderNaiboWangnaibowangMicrosoft Corporation
Product-easyspiderwindowsEasySpidereasyspider
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40828
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-8
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.59%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 23:41
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TLS hostname validation issues within AWS IoT Device SDKs on Windows

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows.

Action-Not Available
Vendor-amazonAmazon Web ServicesMicrosoft Corporation
Product-windowsamazon_web_services_internet_of_things_device_software_development_kit_v2amazon_web_services_aws-c-ioAWS IoT Device SDK v2 for PythonAWS IoT Device SDK v2 for C++AWS-C-IOAWS IoT Device SDK v2 for Java AWS IoT Device SDK v2 for Node.js
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-36965
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.10% / 77.18%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-27194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.24% / 46.70%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:29
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords.

Action-Not Available
Vendor-netopn/aMicrosoft Corporation
Product-vision_prowindowsn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2017-8555
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.08% / 90.39%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8623
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.37%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016Windows Hyper-V
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8664
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.93% / 75.13%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_8.1windows_10windows_server_2016Windows Hyper-V
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8602
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-27.18% / 96.20%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerWindows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8585
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-18.60% / 95.01%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

Action-Not Available
Vendor-Microsoft Corporation
Product-.net_frameworkMicrosoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8566
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.55% / 67.06%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016Microsoft Windows 1607, 1703, and Windows Server 2016.
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8682
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-66.01% / 98.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012office_2010windows_server_2016windows_8.1windows_rt_8.1windows_10office_word_vieweroffice_2007Windows graphics
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8599
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-16.76% / 94.68%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8699
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-30.58% / 96.55%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows Shell
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5046
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-2.56% / 84.95%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8704
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.26%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016Windows Hyper-V
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1966
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-65.82% / 98.44%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8545
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-13.06% / 93.83%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookMicrosoft Outlook for Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8754
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-5.05% / 89.36%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-20
Improper Input Validation
CVE-2001-0509
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.18% / 93.22%
||
7 Day CHG~0.00%
Published-29 Aug, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_serversql_serverwindows_ntwindows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8018
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.10%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aELAN Microelectronics CorporationMicrosoft Corporation
Product-appsyncwindowsEMC AppSync host plug-in versions 3.5 and below (Windows platform only)
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0028
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-48.29% / 97.65%
||
7 Day CHG~0.00%
Published-09 Jan, 2007 | 23:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excelofficeexcel_viewerworksn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0035
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.63% / 98.13%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 22:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeworksn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0216
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-71.27% / 98.65%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 22:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeworksn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0208
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.63% / 98.08%
||
7 Day CHG~0.00%
Published-13 Feb, 2007 | 21:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficeword_viewerworksn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0400
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.18% / 94.94%
||
7 Day CHG~0.00%
Published-15 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found