Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-1267 | Unspecified vulnerability in Microsoft products This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | 4.9 |
| 2020-06-09 | CVE-2020-1348 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
| 2020-06-09 | CVE-2020-1343 | Cleartext Transmission of Sensitive Information vulnerability in Microsoft Visual Studio Live Share An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'. | 5.9 |
| 2020-06-09 | CVE-2020-1340 | Cross-site Scripting vulnerability in Microsoft Nugetgallery A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'. | 5.4 |
| 2020-06-09 | CVE-2020-1331 | Authentication Bypass by Spoofing vulnerability in Microsoft System Center Operations Manager A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. | 5.4 |
| 2020-06-09 | CVE-2020-1329 | Authentication Bypass by Spoofing vulnerability in Microsoft Bing A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. | 6.5 |
| 2020-06-09 | CVE-2020-1327 | Cross-site Scripting vulnerability in Microsoft Azure Devops Server 2019/2019.0.1 A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | 6.1 |
| 2020-06-09 | CVE-2020-1323 | Open Redirect vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | 6.1 |
| 2020-06-09 | CVE-2020-1322 | Use of Uninitialized Resource vulnerability in Microsoft 365 Apps, Office and Project An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'. | 6.5 |
| 2020-06-09 | CVE-2020-1320 | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |