Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-10 | CVE-2018-8265 | Improper Input Validation vulnerability in Microsoft Exchange Server 2013/2016 A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server. | 7.8 |
| 2018-09-21 | CVE-2018-16793 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2010 Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | 8.6 |
| 2018-09-18 | CVE-2018-16794 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Active Directory Federation Services Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | 8.6 |
| 2018-09-13 | CVE-2018-8475 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
| 2018-09-13 | CVE-2018-8474 | Improper Input Validation vulnerability in Microsoft Lync for mac 2011 A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync. | 7.5 |
| 2018-09-13 | CVE-2018-8469 | Unspecified vulnerability in Microsoft Edge An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | 7.4 |
| 2018-09-13 | CVE-2018-8467 | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. | 7.5 |
| 2018-09-13 | CVE-2018-8466 | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. | 7.5 |
| 2018-09-13 | CVE-2018-8465 | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. | 7.5 |
| 2018-09-13 | CVE-2018-8464 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge. | 7.5 |