Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-8567 Unspecified vulnerability in Microsoft Edge
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft
5.4
2018-11-14 CVE-2018-8566 Unspecified vulnerability in Microsoft products
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
low complexity
microsoft
4.6
2018-11-14 CVE-2018-8565 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-200
5.5
2018-11-14 CVE-2018-8564 Unspecified vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft
4.3
2018-11-14 CVE-2018-8563 Unspecified vulnerability in Microsoft products
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.
local
low complexity
microsoft
5.5
2018-11-14 CVE-2018-8558 Information Exposure vulnerability in Microsoft Office and Office 365 Proplus
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.
network
low complexity
microsoft CWE-200
6.5
2018-11-14 CVE-2018-8549 Unspecified vulnerability in Microsoft products
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
local
low complexity
microsoft
5.5
2018-11-14 CVE-2018-8547 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
network
low complexity
microsoft CWE-79
5.4
2018-11-14 CVE-2018-8546 Unspecified vulnerability in Microsoft products
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
network
high complexity
microsoft
5.9
2018-11-14 CVE-2018-8545 Unspecified vulnerability in Microsoft Edge
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft
4.3