Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-1262 | Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
| 2019-09-11 | CVE-2019-1260 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | 6.5 |
| 2019-09-11 | CVE-2019-1254 | Use of Uninitialized Resource vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 5.5 |
| 2019-09-11 | CVE-2019-1252 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
| 2019-09-11 | CVE-2019-1251 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 5.5 |
| 2019-09-11 | CVE-2019-1245 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 6.5 |
| 2019-09-11 | CVE-2019-1244 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. | 6.5 |
| 2019-09-11 | CVE-2019-1231 | Improper Certificate Validation vulnerability in Microsoft Project Rome 1.4.1 An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. | 5.9 |
| 2019-09-11 | CVE-2019-1220 | Forced Browsing vulnerability in Microsoft Edge and Internet Explorer A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'. | 4.3 |
| 2019-09-11 | CVE-2019-1219 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory, aka 'Windows Transaction Manager Information Disclosure Vulnerability'. | 5.5 |