Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-15	CVE-2020-0899	Unspecified vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'. local low complexity microsoft	5.5
2020-04-15	CVE-2020-0821	Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. local low complexity microsoft	5.5
2020-04-15	CVE-2020-0794	Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. local low complexity microsoft	5.5
2020-04-15	CVE-2020-0699	Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. local low complexity microsoft	5.5
2020-03-13	CVE-2009-5159	Cross-site Scripting vulnerability in multiple products Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. network low complexity invisioncommunity microsoft CWE-79	6.1
2020-03-12	CVE-2020-0903	Cross-site Scripting vulnerability in Microsoft Exchange Server 2016/2019 A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. network low complexity microsoft CWE-79	5.4
2020-03-12	CVE-2020-0894	Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. network low complexity microsoft CWE-79	5.4
2020-03-12	CVE-2020-0893	Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. network low complexity microsoft CWE-79	5.4
2020-03-12	CVE-2020-0891	Cross-site Scripting vulnerability in Microsoft products This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. network low complexity microsoft CWE-79	5.4
2020-03-12	CVE-2020-0885	Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. network low complexity microsoft	4.3