Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-8358 Unspecified vulnerability in Microsoft Edge
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft
4.3
2018-08-15 CVE-2018-8351 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Microsoft Edge and Internet Explorer
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
network
low complexity
microsoft CWE-829
6.5
2018-08-15 CVE-2018-8348 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
high complexity
microsoft CWE-200
4.7
2018-08-15 CVE-2018-8341 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
high complexity
microsoft CWE-200
4.7
2018-08-15 CVE-2018-8340 Unspecified vulnerability in Microsoft Windows Server 2012 and Windows Server 2016
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.
network
low complexity
microsoft
6.5
2018-08-15 CVE-2018-8253 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.
low complexity
microsoft
4.6
2018-08-15 CVE-2018-8204 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
local
low complexity
microsoft
5.3
2018-08-15 CVE-2018-8200 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
local
low complexity
microsoft
5.3
2018-07-11 CVE-2018-8356 Improper Certificate Validation vulnerability in Microsoft products
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
local
low complexity
microsoft CWE-295
5.5
2018-07-11 CVE-2018-8326 Cross-site Scripting vulnerability in Microsoft web Customizations
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Directory Federation Services XSS Vulnerability." This affects Web Customizations.
network
low complexity
microsoft CWE-79
5.4