cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49142,https://securityvulnerability.io/vulnerability/CVE-2024-49142,Microsoft Access Remote Code Execution Vulnerability,"The vulnerability in Microsoft Access allows for remote code execution, enabling an attacker to execute arbitrary code on the user's system. This security flaw can be exploited when a user opens a specially crafted Access file. Successful exploitation can result in unauthorized access to sensitive data and control over the affected system. It is crucial for users to apply patches and security updates as provided by Microsoft to mitigate risks associated with this vulnerability. Ensuring that appropriate security protocols are in place and regularly updated can help safeguard against such attacks.",Microsoft,"Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Office Ltsc 2021,Microsoft Office Ltsc 2024,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition)",7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-12T02:04:00.000Z,0
CVE-2021-40448,https://securityvulnerability.io/vulnerability/CVE-2021-40448,Microsoft Accessibility Insights for Android Information Disclosure Vulnerability,Microsoft Accessibility Insights for Android Information Disclosure Vulnerability,Microsoft,Accessibility Insights For Android,6.3,MEDIUM,0.38683000206947327,false,false,false,false,,false,false,2021-09-15T11:24:27.000Z,0
CVE-2021-31936,https://securityvulnerability.io/vulnerability/CVE-2021-31936,Microsoft Accessibility Insights for Web Information Disclosure Vulnerability,Microsoft Accessibility Insights for Web Information Disclosure Vulnerability,Microsoft,Microsoft Accessibility Insights For Web,7.4,HIGH,0.023840000852942467,false,false,false,false,,false,false,2021-05-11T19:11:45.000Z,0
CVE-2021-28455,https://securityvulnerability.io/vulnerability/CVE-2021-28455,Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability,Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability,Microsoft,"Microsoft Access 2013 Service Pack 1 (32-bit Editions),Microsoft Access 2013 Service Pack 1 (64-bit Editions),Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Office 2016,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition),Microsoft Office 2013 Service Pack 1,Windows 10 Version 1803,Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1909,Windows Server, Version 1909 (server Core Installation),Windows 10 Version 2004,Windows Server Version 2004,Windows 10 Version 20h2,Windows Server Version 20h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008  Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",8.8,HIGH,0.01874000020325184,false,false,false,false,,false,false,2021-05-11T19:11:14.000Z,0
CVE-2020-1582,https://securityvulnerability.io/vulnerability/CVE-2020-1582,Microsoft Access Remote Code Execution Vulnerability,"A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
The security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.
",Microsoft,"Microsoft Access 2013 Service Pack 1 (32-bit Editions),Microsoft Access 2013 Service Pack 1 (64-bit Editions),Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition),Microsoft Access 2010 Service Pack 2",7.8,HIGH,0.029650000855326653,false,false,false,false,,false,false,2020-08-17T19:15:00.000Z,0
CVE-2020-0760,https://securityvulnerability.io/vulnerability/CVE-2020-0760,,"A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.",Microsoft,"Microsoft Project,Microsoft Office,Office 365 Proplus,Microsoft Excel,Microsoft Powerpoint,Microsoft Visio,Microsoft Word,Microsoft Publisher 2016 (32-bit Edition),Microsoft Publisher 2016 (64-bit Edition),Microsoft Access,Microsoft Outlook,Microsoft Publisher 2013 Service Pack 1 (32-bit Editions),Microsoft Publisher 2013 Service Pack 1 (64-bit Editions),Microsoft Publisher",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-04-15T15:12:40.000Z,0
CVE-2018-8312,https://securityvulnerability.io/vulnerability/CVE-2018-8312,,"A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka ""Microsoft Access Remote Code Execution Vulnerability."" This affects Microsoft Access, Microsoft Office.",Microsoft,"Microsoft Access,Microsoft Office",7.8,HIGH,0.8078799843788147,false,false,false,false,,false,false,2018-07-11T00:00:00.000Z,0
CVE-2018-12571,https://securityvulnerability.io/vulnerability/CVE-2018-12571,,"uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.",Microsoft,Forefront Unified Access Gateway,9.8,CRITICAL,0.05116000026464462,false,false,false,false,,false,false,2018-07-05T20:00:00.000Z,0
CVE-2018-0903,https://securityvulnerability.io/vulnerability/CVE-2018-0903,,"Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka ""Microsoft Access Remote Code Execution Vulnerability"".",Microsoft,Microsoft Access,7.8,HIGH,0.7966499924659729,false,false,false,false,,false,false,2018-03-14T00:00:00.000Z,0
CVE-2018-0940,https://securityvulnerability.io/vulnerability/CVE-2018-0940,,"Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka ""Microsoft Exchange Elevation of Privilege Vulnerability"".",Microsoft,Microsoft Exchange Outlook Web Access (owa),6.5,MEDIUM,0.0038999998942017555,false,false,false,false,,false,false,2018-03-14T00:00:00.000Z,0
CVE-2018-0799,https://securityvulnerability.io/vulnerability/CVE-2018-0799,,"Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka ""Microsoft Access Tampering Vulnerability"".",Microsoft,Microsoft Access,6.1,MEDIUM,0.01080000028014183,false,false,false,false,,false,false,2018-01-10T01:29:00.000Z,0
CVE-2016-0028,https://securityvulnerability.io/vulnerability/CVE-2016-0028,,"Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka ""Microsoft Exchange Information Disclosure Vulnerability.""",Microsoft,Outlook Web Access,5.5,MEDIUM,0.0036899999249726534,false,false,false,false,,false,false,2016-06-16T01:00:00.000Z,0
CVE-2015-2503,https://securityvulnerability.io/vulnerability/CVE-2015-2503,,"Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka ""Microsoft Office Elevation of Privilege Vulnerability.""",Microsoft,"Word,Onenote,Publisher,Powerpoint,Project Server,Infopath,Access,Excel,Project,Visio,Lync,Skype For Business,Pinyin Ime,Office 2007 Ime",,,0.006819999776780605,false,false,false,false,,false,false,2015-11-11T11:00:00.000Z,0
CVE-2014-3802,https://securityvulnerability.io/vulnerability/CVE-2014-3802,,"msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.",Microsoft,"Debug Interface Access Software Development Kit,Visual Studio",,,0.1534699946641922,false,false,false,false,,false,false,2014-05-20T23:55:00.000Z,0
CVE-2013-3157,https://securityvulnerability.io/vulnerability/CVE-2013-3157,,"Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka ""Access Memory Corruption Vulnerability,"" a different vulnerability than CVE-2013-3155.",Microsoft,Access,,,0.8656399846076965,false,false,false,false,,false,false,2013-09-11T10:00:00.000Z,0
CVE-2013-3155,https://securityvulnerability.io/vulnerability/CVE-2013-3155,,"Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka ""Access Memory Corruption Vulnerability,"" a different vulnerability than CVE-2013-3157.",Microsoft,Access,,,0.8656399846076965,false,false,false,false,,false,false,2013-09-11T10:00:00.000Z,0
CVE-2013-3156,https://securityvulnerability.io/vulnerability/CVE-2013-3156,,"Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka ""Access File Format Memory Corruption Vulnerability.""",Microsoft,Access,,,0.8656399846076965,false,false,false,false,,false,false,2013-09-11T10:00:00.000Z,0
CVE-2012-1891,https://securityvulnerability.io/vulnerability/CVE-2012-1891,,"Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka ""ADO Cachesize Heap Overflow RCE Vulnerability.""",Microsoft,Data Access Components,,,0.9505400061607361,false,false,false,false,,false,false,2012-07-10T21:00:00.000Z,0
CVE-2012-0146,https://securityvulnerability.io/vulnerability/CVE-2012-0146,,"Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka ""UAG Blind HTTP Redirect Vulnerability.""",Microsoft,Forefront Unified Access Gateway,,,0.007449999917298555,false,false,false,false,,false,false,2012-04-10T21:00:00.000Z,0
CVE-2012-0147,https://securityvulnerability.io/vulnerability/CVE-2012-0147,,"Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka ""Unfiltered Access to UAG Default Website Vulnerability.""",Microsoft,Forefront Unified Access Gateway,,,0.13553999364376068,false,false,false,false,,false,false,2012-04-10T21:00:00.000Z,0
CVE-2011-1895,https://securityvulnerability.io/vulnerability/CVE-2011-1895,,"CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka ""ExcelTable Response Splitting XSS Vulnerability.""",Microsoft,Forefront Unified Access Gateway,,,0.00953999999910593,false,false,false,false,,false,false,2011-10-12T01:00:00.000Z,0
CVE-2011-1896,https://securityvulnerability.io/vulnerability/CVE-2011-1896,,"Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""ExcelTable Reflected XSS Vulnerability.""",Microsoft,Forefront Unified Access Gateway,,,0.01568000018596649,false,false,false,false,,false,false,2011-10-12T01:00:00.000Z,0
CVE-2011-1897,https://securityvulnerability.io/vulnerability/CVE-2011-1897,,"Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Default Reflected XSS Vulnerability.""",Microsoft,Forefront Unified Access Gateway,,,0.004430000204592943,false,false,false,false,,false,false,2011-10-12T01:00:00.000Z,0
CVE-2011-1969,https://securityvulnerability.io/vulnerability/CVE-2011-1969,,"Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka ""Poisoned Cup of Code Execution Vulnerability.""",Microsoft,Forefront Unified Access Gateway,,,0.510129988193512,false,false,false,false,,false,false,2011-10-12T01:00:00.000Z,0
CVE-2011-2012,https://securityvulnerability.io/vulnerability/CVE-2011-2012,,"Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka ""Null Session Cookie Crash.""",Microsoft,Forefront Unified Access Gateway,,,0.08728999644517899,false,false,false,false,,false,false,2011-10-12T01:00:00.000Z,0