Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-8408 | Improper Initialization vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
| 2018-11-14 | CVE-2018-8407 | Improper Initialization vulnerability in Microsoft products An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 5.5 |
| 2018-10-10 | CVE-2018-8533 | XXE vulnerability in Microsoft SQL Server Management Studio 17.9/18.0 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. | 5.5 |
| 2018-10-10 | CVE-2018-8532 | XXE vulnerability in Microsoft SQL Server Management Studio 17.9/18.0 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. | 5.5 |
| 2018-10-10 | CVE-2018-8530 | Unspecified vulnerability in Microsoft Edge A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | 4.3 |
| 2018-10-10 | CVE-2018-8527 | XXE vulnerability in Microsoft SQL Server Management Studio 17.9/18.0 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. | 5.5 |
| 2018-10-10 | CVE-2018-8518 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. | 5.4 |
| 2018-10-10 | CVE-2018-8512 | Improper Input Validation vulnerability in Microsoft Edge A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | 5.4 |
| 2018-10-10 | CVE-2018-8506 | Unspecified vulnerability in Microsoft products An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | 5.5 |
| 2018-10-10 | CVE-2018-8498 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. | 5.4 |