Filtered by vendor Microsoft
Subscribe
Search
Total
6074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1361 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 6.4 MEDIUM | N/A |
| Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. | |||||
| CVE-1999-1387 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25. | |||||
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1375 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. | |||||
| CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | |||||
| CVE-1999-1104 | 1 Microsoft | 1 Windows 95 | 2016-10-18 | 4.6 MEDIUM | N/A |
| Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. | |||||
| CVE-1999-1052 | 1 Microsoft | 1 Frontpage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | |||||
| CVE-1999-1033 | 1 Microsoft | 1 Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang. | |||||
| CVE-1999-0364 | 2 Fms Inc., Microsoft | 2 Total Vb Sourcebook, Access | 2016-10-18 | 10.0 HIGH | N/A |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | |||||
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2016-10-18 | 7.2 HIGH | N/A |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | |||||
| CVE-2014-3802 | 1 Microsoft | 2 Debug Interface Access Software Development Kit, Visual Studio | 2016-09-09 | 6.8 MEDIUM | N/A |
| msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. | |||||
| CVE-2014-7286 | 2 Microsoft, Symantec | 3 Windows Server 2003, Windows Xp, Deployment Solution | 2016-09-06 | 7.2 HIGH | N/A |
| Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-2779 | 1 Microsoft | 1 Malware Protection Engine | 2016-09-02 | 4.3 MEDIUM | N/A |
| mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. | |||||
| CVE-2014-5239 | 1 Microsoft | 1 Outlook.com | 2015-12-04 | 4.0 MEDIUM | N/A |
| The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-7404 | 2 Ibm, Microsoft | 4 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server and 1 more | 2015-11-19 | 1.9 LOW | N/A |
| IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output. | |||||
| CVE-2015-0884 | 2 Microsoft, Toshiba | 3 Windows, Bluetooth Stack, Service Station | 2015-11-19 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | |||||
| CVE-2015-0310 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2015-11-13 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | |||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2015-11-04 | 5.4 MEDIUM | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
| CVE-2014-8967 | 1 Microsoft | 1 Internet Explorer | 2015-10-30 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting. | |||||
| CVE-2014-0529 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2015-10-23 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-3344 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2015-10-23 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-4671 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2015-09-22 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. | |||||
| CVE-2014-0812 | 2 Kent-web, Microsoft | 2 Joyful Note, Internet Explorer | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2314 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2015-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | |||||
| CVE-2014-7816 | 2 Microsoft, Redhat | 2 Windows, Undertow | 2015-03-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | |||||
| CVE-2015-0311 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2015-02-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | |||||
| CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2015-02-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1797 | 3 Apple, Chromium Project, Microsoft | 8 Mac Os X, Mac Os X Server, Safari and 5 more | 2015-01-07 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2014-9150 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2014-12-17 | 6.4 MEDIUM | N/A |
| Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. | |||||
| CVE-2014-8449 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9165 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455. | |||||
| CVE-2014-9158 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461. | |||||
| CVE-2014-9159 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460. | |||||
| CVE-2014-8461 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158. | |||||
| CVE-2014-8460 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159. | |||||
| CVE-2014-8459 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158. | |||||
| CVE-2014-8458 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | |||||
| CVE-2014-8457 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159. | |||||
| CVE-2014-8456 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | |||||
| CVE-2014-8455 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165. | |||||
| CVE-2014-8454 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165. | |||||
| CVE-2014-8452 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-8453 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2014-8451 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. | |||||
| CVE-2014-8448 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
| An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. | |||||
| CVE-2014-8447 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | |||||
| CVE-2014-8446 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2014-12-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | |||||