Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2018-0819 Unspecified vulnerability in Microsoft Office 2016
Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."
network
low complexity
microsoft
6.5
2018-01-10 CVE-2018-0799 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".
network
low complexity
microsoft CWE-79
6.1
2018-01-10 CVE-2018-0785 Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Asp.Net Core 2.0
ASP.NET Core 1.0.
network
low complexity
microsoft CWE-352
6.5
2018-01-04 CVE-2018-0803 Incorrect Authorization vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".
network
high complexity
microsoft CWE-863
4.2
2018-01-04 CVE-2018-0800 Information Exposure vulnerability in Microsoft Chakracore and Edge
Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-200
5.3
2018-01-04 CVE-2018-0780 Out-of-bounds Read vulnerability in Microsoft Chakracore and Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-125
5.3
2018-01-04 CVE-2018-0767 Out-of-bounds Read vulnerability in Microsoft Chakracore and Edge
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-125
5.3
2018-01-04 CVE-2018-0766 Information Exposure vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2018-01-04 CVE-2018-0754 Unspecified vulnerability in Microsoft products
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".
local
low complexity
microsoft
5.5
2018-01-04 CVE-2018-0753 Unspecified vulnerability in Microsoft products
Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability".
network
high complexity
microsoft
5.9