Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-16 CVE-2016-3212 Cross-site Scripting vulnerability in Microsoft Internet Explorer 10/11/9
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2016-06-16 CVE-2016-3201 Information Exposure vulnerability in Microsoft products
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
network
low complexity
microsoft CWE-200
6.5
2016-06-16 CVE-2016-3198 7PK - Security Features vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
network
low complexity
microsoft CWE-254
6.5
2016-06-16 CVE-2016-0028 Information Exposure vulnerability in Microsoft Outlook web Access
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-05-11 CVE-2016-0194 Information Exposure vulnerability in Microsoft Internet Explorer 10/11
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
5.3
2016-05-11 CVE-2016-0190 Information Exposure vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-05-11 CVE-2016-0181 7PK - Security Features vulnerability in Microsoft Windows 10 1511
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."
local
low complexity
microsoft CWE-254
5.5
2016-05-11 CVE-2016-0169 Information Exposure vulnerability in Microsoft products
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
network
low complexity
microsoft CWE-200
6.5
2016-05-11 CVE-2016-0168 Information Exposure vulnerability in Microsoft products
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
network
low complexity
microsoft CWE-200
6.5
2016-05-11 CVE-2016-0149 Information Exposure vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
5.9