Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-12 CVE-2018-8621 Unspecified vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Server 2012
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2.
local
low complexity
microsoft
5.5
2018-12-12 CVE-2018-8612 Improper Input Validation vulnerability in Microsoft products
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
local
low complexity
microsoft CWE-20
5.5
2018-12-12 CVE-2018-8604 Unspecified vulnerability in Microsoft Exchange Server 2016
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
network
low complexity
microsoft
4.3
2018-12-12 CVE-2018-8598 Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.
local
high complexity
microsoft
4.7
2018-12-12 CVE-2018-8596 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
low complexity
microsoft
6.5
2018-12-12 CVE-2018-8595 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
low complexity
microsoft
6.5
2018-12-12 CVE-2018-8580 Information Exposure vulnerability in Microsoft Sharepoint Server 2010/2013/2016
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-200
4.3
2018-12-12 CVE-2018-8514 Improper Initialization vulnerability in Microsoft products
An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-665
5.5
2018-12-12 CVE-2018-8477 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
low complexity
microsoft
5.5
2018-11-14 CVE-2018-8608 Cross-site Scripting vulnerability in Microsoft Dynamics 365 8.0/8.2
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365.
network
low complexity
microsoft CWE-79
5.4