Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde google 9folders flipdogsolutions r2mail2 apple bloop freron kde gnome mozilla ibm emclient postbox-inc ritlabs	5.9
2018-05-16	CVE-2017-17688	The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde flipdogsolutions r2mail2 apple bloop freron mozilla emclient postbox-inc roundcube	5.9
2018-05-09	CVE-2018-8168	Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2010/2013 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. network low complexity microsoft CWE-79	5.4
2018-05-09	CVE-2018-8163	Information Exposure vulnerability in Microsoft Excel and Office An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel. local low complexity microsoft CWE-200	5.5
2018-05-09	CVE-2018-8160	Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. network low complexity microsoft CWE-200	6.5
2018-05-09	CVE-2018-8159	Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016 An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. network low complexity microsoft CWE-79	5.4
2018-05-09	CVE-2018-8156	Cross-site Scripting vulnerability in Microsoft Project Server and Sharepoint Server An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. network low complexity microsoft CWE-79	5.4
2018-05-09	CVE-2018-8155	Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. network low complexity microsoft CWE-79	5.4
2018-05-09	CVE-2018-8153	Authentication Bypass by Spoofing vulnerability in Microsoft Exchange Server 2016 A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. network low complexity microsoft CWE-290	5.4
2018-05-09	CVE-2018-8152	Cross-site Scripting vulnerability in Microsoft Exchange Server 2016 An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. network low complexity microsoft CWE-79	5.4