Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-14 | CVE-2018-0910 | Cross-site Scripting vulnerability in Microsoft Project Server and Sharepoint Enterprise Server Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | 8.8 |
| 2018-03-14 | CVE-2018-0909 | Cross-site Scripting vulnerability in Microsoft Project Server and Sharepoint Enterprise Server Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | 8.8 |
| 2018-03-14 | CVE-2018-0907 | Unspecified vulnerability in Microsoft Excel and Office Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | 7.8 |
| 2018-03-14 | CVE-2018-0903 | Unspecified vulnerability in Microsoft Access and Office Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". | 7.8 |
| 2018-03-14 | CVE-2018-0902 | Unspecified vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2016 The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. | 7.8 |
| 2018-03-14 | CVE-2018-0893 | Out-of-bounds Write vulnerability in Microsoft Edge Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
| 2018-03-14 | CVE-2018-0889 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
| 2018-03-14 | CVE-2018-0886 | Improper Authentication vulnerability in Microsoft products The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". | 7.0 |
| 2018-03-14 | CVE-2018-0884 | Unspecified vulnerability in Microsoft Windows 10, Windows Server and Windows Server 2016 Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". | 7.8 |
| 2018-03-14 | CVE-2018-0883 | Unspecified vulnerability in Microsoft products Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability". | 7.5 |