Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-12 CVE-2019-1046 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
5.5
5.5
2019-06-12 CVE-2019-1043 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.
network
low complexity
microsoft
6.8
6.8
2019-06-12 CVE-2019-1040 Unspecified vulnerability in Microsoft products
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
network
high complexity
microsoft
5.9
5.9
2019-06-12 CVE-2019-1039 Improper Initialization vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-665
5.5
5.5
2019-06-12 CVE-2019-1036 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2019-06-12 CVE-2019-1033 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2019-06-12 CVE-2019-1032 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2019-06-12 CVE-2019-1031 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
5.4
2019-06-12 CVE-2019-1029 Unspecified vulnerability in Microsoft Lync Server 2010/2013
A denial of service vulnerability exists in Skype for Business, aka 'Skype for Business and Lync Server Denial of Service Vulnerability'.
network
high complexity
microsoft
5.9
5.9
2019-06-12 CVE-2019-1023 Information Exposure vulnerability in Microsoft Chakracore and Edge
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.
network
low complexity
microsoft CWE-200
6.5
6.5