Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-13 CVE-2017-8648 Information Exposure vulnerability in Microsoft Windows 10 1703
Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2017-09-13 CVE-2017-8643 Information Exposure vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2017-09-13 CVE-2017-8629 Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013
Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2017-09-13 CVE-2017-8628 Unspecified vulnerability in Microsoft products
Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".
high complexity
microsoft
6.8
2017-09-13 CVE-2017-8597 Information Exposure vulnerability in Microsoft Windows 10 1703
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2017-09-13 CVE-2017-11761 Information Exposure vulnerability in Microsoft Exchange Server 2013/2016
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
network
low complexity
microsoft CWE-200
5.3
2017-08-08 CVE-2017-8673 Unspecified vulnerability in Microsoft Windows 10 1703
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."
network
high complexity
microsoft
5.9
2017-08-08 CVE-2017-8668 Information Exposure vulnerability in Microsoft products
The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-200
5.5
2017-08-08 CVE-2017-8666 Information Exposure vulnerability in Microsoft products
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-200
5.5
2017-08-08 CVE-2017-8662 Information Exposure vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3