Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-16 | CVE-2019-0921 | Unspecified vulnerability in Microsoft Internet Explorer 10/11/9 An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'. | 6.5 |
| 2019-05-16 | CVE-2019-0886 | Improper Input Validation vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | 6.8 |
| 2019-05-16 | CVE-2019-0882 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
| 2019-05-16 | CVE-2019-0872 | Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. | 5.4 |
| 2019-05-16 | CVE-2019-0864 | Unspecified vulnerability in Microsoft .Net Framework A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. | 5.5 |
| 2019-05-16 | CVE-2019-0819 | Unspecified vulnerability in Microsoft SQL Server 2017 An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'. | 6.5 |
| 2019-05-16 | CVE-2019-0758 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
| 2019-05-16 | CVE-2019-0733 | Unspecified vulnerability in Microsoft products A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | 5.3 |
| 2019-05-14 | CVE-2019-11397 | Path Traversal vulnerability in multiple products GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | 6.5 |
| 2019-04-09 | CVE-2019-0876 | Unspecified vulnerability in Microsoft Open Enclave Software Development KIT 0.1.0/0.4.0/0.4.1 An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | 5.5 |