Vulnerabilities > Microsoft > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-0984 Improper Input Validation vulnerability in Microsoft Autoupdate
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-20
7.8
2020-04-15 CVE-2020-0983 Unspecified vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.
local
low complexity
microsoft
7.8
2020-04-15 CVE-2020-0981 Incorrect Authorization vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.
local
low complexity
microsoft CWE-863
8.8
2020-04-15 CVE-2020-0980 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
local
low complexity
microsoft
7.8
2020-04-15 CVE-2020-0979 Unspecified vulnerability in Microsoft Office 365 Proplus
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
network
low complexity
microsoft
8.8
2020-04-15 CVE-2020-0974 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-434
8.8
2020-04-15 CVE-2020-0971 Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-434
8.8
2020-04-15 CVE-2020-0970 Out-of-bounds Write vulnerability in Microsoft Chakracore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.
network
high complexity
microsoft CWE-787
7.5
2020-04-15 CVE-2020-0969 Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
network
high complexity
microsoft CWE-787
7.5
2020-04-15 CVE-2020-0968 Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.
network
high complexity
microsoft CWE-787
7.5