Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2019-0540 | Open Redirect vulnerability in Microsoft products A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | 5.5 |
| 2019-01-17 | CVE-2019-0647 | Information Exposure vulnerability in Microsoft Team Foundation Server 2017/2018 An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team. | 6.5 |
| 2019-01-17 | CVE-2019-0646 | Cross-site Scripting vulnerability in Microsoft Team Foundation Server 2018 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team. | 5.4 |
| 2019-01-17 | CVE-2019-0624 | Cross-site Scripting vulnerability in Microsoft Skype for Business 2015 A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. | 5.4 |
| 2019-01-08 | CVE-2019-0622 | Improper Authentication vulnerability in Microsoft Skype 8.35 An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35. | 4.6 |
| 2019-01-08 | CVE-2019-0588 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Exchange Server An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server. | 6.5 |
| 2019-01-08 | CVE-2019-0569 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
| 2019-01-08 | CVE-2019-0562 | Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | 5.4 |
| 2019-01-08 | CVE-2019-0561 | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. | 5.5 |
| 2019-01-08 | CVE-2019-0560 | Unspecified vulnerability in Microsoft Office, Office 365 Proplus and Outlook An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. | 5.5 |