Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-05-16 CVE-2019-0708 Use After Free vulnerability in multiple products
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
network
low complexity
microsoft siemens huawei CWE-416
critical
9.8
2019-04-09 CVE-2019-0813 Unspecified vulnerability in Microsoft Windows Admin Center
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'.
network
low complexity
microsoft
critical
9.8
2019-04-09 CVE-2019-0786 Improper Input Validation vulnerability in Microsoft products
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'.
network
low complexity
microsoft CWE-20
critical
9.8
2019-04-09 CVE-2019-0726 Out-of-bounds Write vulnerability in Microsoft products
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-787
critical
9.8
2019-04-09 CVE-2019-0698 Out-of-bounds Write vulnerability in Microsoft products
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-787
critical
9.8
2019-04-09 CVE-2019-0697 Out-of-bounds Write vulnerability in Microsoft products
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-787
critical
9.8
2019-03-05 CVE-2019-0729 Use of Insufficiently Random Values vulnerability in Microsoft Java Software Development KIT
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.
network
low complexity
microsoft CWE-330
critical
9.8
2019-03-05 CVE-2019-0626 Out-of-bounds Write vulnerability in Microsoft products
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-787
critical
9.8
2019-03-05 CVE-2019-0604 Improper Input Validation vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-20
critical
9.8
2019-01-08 CVE-2019-0586 Out-of-bounds Write vulnerability in Microsoft Exchange Server 2016/2019
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
network
low complexity
microsoft CWE-787
critical
9.8