cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2021-31180,https://securityvulnerability.io/vulnerability/CVE-2021-31180,Microsoft Office Graphics Remote Code Execution Vulnerability,Microsoft Office Graphics Remote Code Execution Vulnerability,Microsoft,"Microsoft Office,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Word",7.8,HIGH,0.01664000004529953,false,false,false,false,,false,false,2021-05-11T19:11:29.000Z,0 CVE-2021-31177,https://securityvulnerability.io/vulnerability/CVE-2021-31177,Microsoft Office Remote Code Execution Vulnerability,"Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.",Microsoft,"Microsoft Office,Microsoft Office Online Server,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Excel,Microsoft Office Web Apps",7.8,HIGH,0.008820000104606152,false,false,false,false,,false,false,2021-05-11T19:11:27.000Z,0 CVE-2020-1447,https://securityvulnerability.io/vulnerability/CVE-2020-1447,,"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.",Microsoft,"Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server,Microsoft Office,Microsoft Office Online Server,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Word,Microsoft Office Web Apps",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1446,https://securityvulnerability.io/vulnerability/CVE-2020-1446,,"A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.",Microsoft,"Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server,Microsoft Office,Microsoft Office Online Server,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Word,Microsoft Office Web Apps",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1445,https://securityvulnerability.io/vulnerability/CVE-2020-1445,,"An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.",Microsoft,"Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server,Microsoft Office,Microsoft Office Online Server,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Word,Microsoft Office Web Apps",5.5,MEDIUM,0.0044200001284480095,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1409,https://securityvulnerability.io/vulnerability/CVE-2020-1409,,"A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.",Microsoft,"Windows,Windows Server,Windows 10 Version 1909 For 32-bit Systems,Windows 10 Version 1909 For X64-based Systems,Windows 10 Version 1909 For Arm64-based Systems,Windows Server, Version 1909 (server Core Installation),Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation),Windows 10 Version 2004 For 32-bit Systems,Windows 10 Version 2004 For Arm64-based Systems,Windows 10 Version 2004 For X64-based Systems,Windows Server, Version 2004 (server Core Installation),Microsoft Office",7.8,HIGH,0.020260000601410866,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1449,https://securityvulnerability.io/vulnerability/CVE-2020-1449,,"A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.",Microsoft,"Microsoft Office,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Project",7.8,HIGH,0.020490000024437904,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1342,https://securityvulnerability.io/vulnerability/CVE-2020-1342,,"An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.",Microsoft,"Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server,Microsoft Office,Microsoft Office Online Server,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Word,Microsoft Office Web Apps",5.5,MEDIUM,0.0013200000394135714,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1349,https://securityvulnerability.io/vulnerability/CVE-2020-1349,,"A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.",Microsoft,"Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Office,Microsoft Outlook",7.8,HIGH,0.007029999978840351,false,false,false,true,true,false,false,2020-07-14T23:15:00.000Z,0 CVE-2020-1321,https://securityvulnerability.io/vulnerability/CVE-2020-1321,,"A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.",Microsoft,"Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Office",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-06-09T19:44:08.000Z,0 CVE-2020-1322,https://securityvulnerability.io/vulnerability/CVE-2020-1322,,"An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.",Microsoft,"Microsoft Project,Microsoft Office,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft 365 Apps For Enterprise For 32-bit Systems",6.5,MEDIUM,0.011629999615252018,false,false,false,false,,false,false,2020-06-09T19:44:08.000Z,0 CVE-2020-1229,https://securityvulnerability.io/vulnerability/CVE-2020-1229,,"A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.",Microsoft,"Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Office,Microsoft Word",4.3,MEDIUM,0.003659999929368496,false,false,false,false,,false,false,2020-06-09T19:43:31.000Z,0 CVE-2020-1226,https://securityvulnerability.io/vulnerability/CVE-2020-1226,,"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.",Microsoft,"Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Office,Microsoft Excel",8.8,HIGH,0.022670000791549683,false,false,false,false,,false,false,2020-06-09T19:43:31.000Z,0 CVE-2020-1225,https://securityvulnerability.io/vulnerability/CVE-2020-1225,,"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.",Microsoft,"Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Office,Microsoft Excel",8.8,HIGH,0.022670000791549683,false,false,false,false,,false,false,2020-06-09T19:43:30.000Z,0 CVE-2020-0901,https://securityvulnerability.io/vulnerability/CVE-2020-0901,,"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",Microsoft,"Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Office,Microsoft Excel,Microsoft 365 Apps For Enterprise For 32-bit Systems",9.8,CRITICAL,0.05764999985694885,false,false,false,false,,false,false,2020-05-21T23:15:00.000Z,0 CVE-2019-1246,https://securityvulnerability.io/vulnerability/CVE-2019-1246,,"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250.",Microsoft,"Windows,Windows Server,Microsoft Office,Office 365 Proplus,Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation)",7.8,HIGH,0.019530000165104866,false,false,false,false,,false,false,2019-09-11T21:24:59.000Z,0 CVE-2019-1155,https://securityvulnerability.io/vulnerability/CVE-2019-1155,Jet Database Engine Remote Code Execution Vulnerability,"A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. ",Microsoft,"Windows 10 Version 1703,Windows 10 Version 1803,Windows Server, Version 1803 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1709 For 32-bit Systems,Windows 10 Version 1709,Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Systems Service Pack 1,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019,Office 365 Proplus,Microsoft Office 2016,Microsoft Office 2010 Service Pack 2,Microsoft Office 2013 Service Pack 1",7.8,HIGH,0.022919999435544014,false,false,false,false,,false,false,2019-08-14T20:55:03.000Z,0 CVE-2019-1153,https://securityvulnerability.io/vulnerability/CVE-2019-1153,Microsoft Graphics Component Information Disclosure Vulnerability,"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. ",Microsoft,"Windows 10 Version 1703,Windows 10 Version 1803,Windows Server, Version 1803 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1709 For 32-bit Systems,Windows 10 Version 1709,Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Systems Service Pack 1,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019 For Mac",5.5,MEDIUM,0.0008500000112690032,false,false,false,false,,false,false,2019-08-14T20:55:03.000Z,0 CVE-2019-1151,https://securityvulnerability.io/vulnerability/CVE-2019-1151,Microsoft Graphics Remote Code Execution Vulnerability,"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. ",Microsoft,"Windows 10 Version 1703,Windows 10 Version 1803,Windows Server, Version 1803 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1709 For 32-bit Systems,Windows 10 Version 1709,Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Systems Service Pack 1,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019 For Mac",8.8,HIGH,0.03207999840378761,false,false,false,false,,false,false,2019-08-14T20:55:03.000Z,0 CVE-2019-1149,https://securityvulnerability.io/vulnerability/CVE-2019-1149,Microsoft Graphics Remote Code Execution Vulnerability,"A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. ",Microsoft,"Windows 10 Version 1703,Windows 10 Version 1803,Windows Server, Version 1803 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1709 For 32-bit Systems,Windows 10 Version 1709,Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Systems Service Pack 1,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019 For Mac",8.8,HIGH,0.03207999840378761,false,false,false,false,,false,false,2019-08-14T20:55:02.000Z,0 CVE-2019-1148,https://securityvulnerability.io/vulnerability/CVE-2019-1148,Microsoft Graphics Component Information Disclosure Vulnerability,"An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. ",Microsoft,"Windows 10 Version 1703,Windows 10 Version 1803,Windows Server, Version 1803 (server Core Installation),Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1709 For 32-bit Systems,Windows 10 Version 1709,Windows 10 Version 1903 For 32-bit Systems,Windows 10 Version 1903 For X64-based Systems,Windows 10 Version 1903 For Arm64-based Systems,Windows Server, Version 1903 (server Core Installation),Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Systems Service Pack 1,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019 For Mac",5.5,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2019-08-14T20:55:02.000Z,0 CVE-2008-3012,https://securityvulnerability.io/vulnerability/CVE-2008-3012,,"gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka ""GDI+ EMF Memory Corruption Vulnerability.""",Microsoft,"Forefront Client Security,Office System,Server,Digital Image Suite,Internet Explorer,Office,Sql Server Reporting Services,Windows,Windows Vista,Visio,Windows-nt,Windows Xp,Sql Server,Report Viewer,Works,Office Powerpoint Viewer",,,0.6925600171089172,false,false,false,false,,false,false,2008-09-11T01:11:00.000Z,0 CVE-2007-5348,https://securityvulnerability.io/vulnerability/CVE-2007-5348,,"Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka ""GDI+ VML Buffer Overrun Vulnerability.""",Microsoft,"Forefront Client Security,Office System,Server,Digital Image Suite,Internet Explorer,Office,Sql Server Reporting Services,Windows,Windows Vista,Visio,Windows-nt,Windows Xp,Sql Server,Report Viewer,Works,Office Powerpoint Viewer",,,0.6690899729728699,false,false,false,false,,false,false,2008-09-11T01:01:00.000Z,0