Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-07-11 CVE-2018-8319 Incorrect Calculation vulnerability in Microsoft Research Javascript Cryptography Library 1.4
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.
network
low complexity
microsoft CWE-682
critical
9.8
2018-07-05 CVE-2018-12571 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Forefront Unified Access Gateway 2010
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
network
low complexity
microsoft CWE-918
critical
9.8
2018-05-09 CVE-2018-8154 Out-of-bounds Write vulnerability in Microsoft Exchange Server 2010/2013/2016
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
network
low complexity
microsoft CWE-787
critical
9.8
2017-12-12 CVE-2017-11899 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".
network
low complexity
microsoft
critical
9.8
2017-11-02 CVE-2017-11767 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
network
low complexity
microsoft CWE-119
critical
9.8
2017-10-13 CVE-2017-11771 Improper Input Validation vulnerability in Microsoft products
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability".
network
low complexity
microsoft CWE-20
critical
9.8
2017-09-13 CVE-2017-8686 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows Server 2012 and Windows Server 2016
The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability".
network
low complexity
microsoft CWE-119
critical
9.8
2017-08-11 CVE-2017-8658 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
network
low complexity
microsoft CWE-119
critical
9.8
2017-07-17 CVE-2017-0028 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory.
network
low complexity
microsoft CWE-119
critical
9.8
2017-07-11 CVE-2017-8589 Improper Preservation of Permissions vulnerability in Microsoft products
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
network
low complexity
microsoft CWE-281
critical
9.8