Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-26 CVE-2018-0908 Cross-site Scripting vulnerability in Microsoft Identity Manager 2016
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2018-02-26 CVE-2018-7250 Information Exposure vulnerability in multiple products
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc.
local
low complexity
microsoft tivo CWE-200
5.5
2018-02-15 CVE-2018-0869 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016
SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2018-02-15 CVE-2018-0864 Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013/2016
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2018-02-15 CVE-2018-0855 Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2018-02-15 CVE-2018-0850 Unspecified vulnerability in Microsoft Office and Outlook
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
network
low complexity
microsoft
6.5
2018-02-15 CVE-2018-0847 Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-787
4.3
2018-02-15 CVE-2018-0843 Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016
The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability".
local
high complexity
microsoft CWE-200
4.7
2018-02-15 CVE-2018-0839 Information Exposure vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2018-02-15 CVE-2018-0833 NULL Pointer Dereference vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012
The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".
network
high complexity
microsoft CWE-476
5.3