Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-8602 Cross-site Scripting vulnerability in Microsoft Team Foundation Server 2017/2018
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
network
low complexity
microsoft CWE-79
5.4
2018-11-14 CVE-2018-8600 Cross-site Scripting vulnerability in Microsoft Azure APP Service on Azure Stack
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App.
network
low complexity
microsoft CWE-79
6.1
2018-11-14 CVE-2018-8592 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.
high complexity
microsoft
6.4
2018-11-14 CVE-2018-8579 Unspecified vulnerability in Microsoft Office and Office 365 Proplus
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
network
low complexity
microsoft
6.5
2018-11-14 CVE-2018-8578 Unspecified vulnerability in Microsoft Sharepoint Enterprise Server 2013
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft
4.3
2018-11-14 CVE-2018-8572 Cross-site Scripting vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
2018-11-14 CVE-2018-8568 Cross-site Scripting vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
2018-11-14 CVE-2018-8567 Unspecified vulnerability in Microsoft Edge
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft
5.4
2018-11-14 CVE-2018-8566 Unspecified vulnerability in Microsoft products
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
low complexity
microsoft
4.6
2018-11-14 CVE-2018-8565 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-200
5.5