Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-1220 Open Redirect vulnerability in Microsoft Edge
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.
network
low complexity
microsoft CWE-601
6.1
6.1
2020-06-09 CVE-2020-1194 Unspecified vulnerability in Microsoft products
A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'.
local
low complexity
microsoft
5.5
5.5
2020-06-09 CVE-2020-1183 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1177 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1160 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.
local
low complexity
microsoft
5.5
5.5
2020-06-09 CVE-2020-1148 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2020-06-09 CVE-2020-1120 Unspecified vulnerability in Microsoft Windows 10 2004
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'.
local
low complexity
microsoft
5.5
5.5
2020-05-21 CVE-2020-1195 Improper Input Validation vulnerability in Microsoft Edge
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.
network
high complexity
microsoft CWE-20
5.9
5.9
2020-05-21 CVE-2020-1179 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
network
low complexity
microsoft
6.5
6.5
2020-05-21 CVE-2020-1173 Improper Input Validation vulnerability in Microsoft Power BI Report Server
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'.
network
low complexity
microsoft CWE-20
6.8
6.8