Vulnerabilities > Microsoft > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-26 | CVE-2018-0908 | Cross-site Scripting vulnerability in Microsoft Identity Manager 2016 Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability." | 6.1 |
2018-02-26 | CVE-2018-7250 | Information Exposure vulnerability in multiple products An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. | 5.5 |
2018-02-15 | CVE-2018-0869 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016 SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | 5.4 |
2018-02-15 | CVE-2018-0864 | Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013/2016 SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability". | 5.4 |
2018-02-15 | CVE-2018-0855 | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0850 | Unspecified vulnerability in Microsoft Office and Outlook Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". | 6.5 |
2018-02-15 | CVE-2018-0847 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0843 | Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016 The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". | 4.7 |
2018-02-15 | CVE-2018-0839 | Information Exposure vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | 4.3 |
2018-02-15 | CVE-2018-0833 | NULL Pointer Dereference vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012 The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability". | 5.3 |