Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-13 CVE-2018-8315 Information Exposure vulnerability in Microsoft Chakracore, Edge and Internet Explorer
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
network
high complexity
microsoft CWE-200
4.2
2018-09-13 CVE-2018-8271 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-200
5.5
2018-08-15 CVE-2018-8398 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
low complexity
microsoft CWE-200
6.5
2018-08-15 CVE-2018-8396 Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
local
high complexity
microsoft CWE-200
4.7
2018-08-15 CVE-2018-8394 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
network
low complexity
microsoft CWE-200
6.5
2018-08-15 CVE-2018-8388 Authentication Bypass by Spoofing vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-290
4.3
2018-08-15 CVE-2018-8383 Authentication Bypass by Spoofing vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-290
4.3
2018-08-15 CVE-2018-8382 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
local
low complexity
microsoft CWE-200
5.5
2018-08-15 CVE-2018-8378 Use of Uninitialized Resource vulnerability in Microsoft products
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
local
low complexity
microsoft CWE-908
5.5
2018-08-15 CVE-2018-8374 Unspecified vulnerability in Microsoft Exchange Server 2016
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
network
low complexity
microsoft
4.3