Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-10 | CVE-2019-1166 | Improper Validation of Integrity Check Value vulnerability in Microsoft products A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | 5.9 |
| 2019-10-10 | CVE-2019-1070 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
| 2019-10-10 | CVE-2019-0608 | Authentication Bypass by Spoofing vulnerability in Microsoft Edge and Internet Explorer A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. | 4.3 |
| 2019-09-11 | CVE-2019-1305 | Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | 5.4 |
| 2019-09-11 | CVE-2019-1299 | Improper Initialization vulnerability in Microsoft Edge An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | 6.5 |
| 2019-09-11 | CVE-2019-1294 | Unspecified vulnerability in Microsoft products A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. low complexity microsoft | 4.6 |
| 2019-09-11 | CVE-2019-1293 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosure Vulnerability'. | 5.5 |
| 2019-09-11 | CVE-2019-1292 | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 4.9 |
| 2019-09-11 | CVE-2019-1289 | Incorrect Authorization vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | 5.5 |
| 2019-09-11 | CVE-2019-1286 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |