Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-1383 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled.
local
low complexity
microsoft
5.5
2020-07-29 CVE-2020-15707 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.
6.4
2020-07-29 CVE-2020-15706 Use After Free vulnerability in multiple products
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass.
6.4
2020-07-29 CVE-2020-15705 Improper Verification of Cryptographic Signature vulnerability in multiple products
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
6.4
2020-07-14 CVE-2020-1468 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
network
low complexity
microsoft
6.5
2020-07-14 CVE-2020-1462 Unspecified vulnerability in Microsoft Edge
An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'.
network
low complexity
microsoft
4.3
2020-07-14 CVE-2020-1456 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
2020-07-14 CVE-2020-1454 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
2020-07-14 CVE-2020-1451 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
2020-07-14 CVE-2020-1450 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4