Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-11-10 CVE-2016-7251 Cross-site Scripting vulnerability in Microsoft SQL Server 2016
Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2016-11-10 CVE-2016-7250 Permissions, Privileges, and Access Controls vulnerability in Microsoft SQL Server 2014/2016
Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
2016-11-10 CVE-2016-7249 Permissions, Privileges, and Access Controls vulnerability in Microsoft SQL Server 2016
Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-264
8.8
2016-11-10 CVE-2016-7248 Improper Access Control vulnerability in Microsoft products
Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-284
7.8
2016-11-10 CVE-2016-7247 Improper Access Control vulnerability in Microsoft products
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."
network
low complexity
microsoft CWE-284
7.5
2016-11-10 CVE-2016-7246 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-11-10 CVE-2016-7245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-11-10 CVE-2016-7244 Improper Access Control vulnerability in Microsoft Office 2007
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
local
low complexity
microsoft CWE-284
5.5
2016-11-10 CVE-2016-7243 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7242 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
network
high complexity
microsoft CWE-119
7.5