Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-12-20 CVE-2016-7258 Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-12-20 CVE-2016-7257 Information Exposure vulnerability in Microsoft products
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
6.5
2016-12-20 CVE-2016-7219 Information Exposure vulnerability in Microsoft products
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-12-20 CVE-2016-7206 Cross-site Scripting vulnerability in Microsoft Edge
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.
network
low complexity
microsoft CWE-79
6.1
2016-12-20 CVE-2016-7181 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7256 Unspecified vulnerability in Microsoft products
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
network
low complexity
microsoft
8.8
2016-11-10 CVE-2016-7255 Unspecified vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft
7.8
2016-11-10 CVE-2016-7254 Permissions, Privileges, and Access Controls vulnerability in Microsoft SQL Server 2012
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
2016-11-10 CVE-2016-7253 Permissions, Privileges, and Access Controls vulnerability in Microsoft SQL Server 2012/2014
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
2016-11-10 CVE-2016-7252 Information Exposure vulnerability in Microsoft SQL Server 2016
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
6.5