Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-14 CVE-2018-0885 Improper Input Validation vulnerability in Microsoft products
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability".
network
high complexity
microsoft CWE-20
5.8
2018-03-14 CVE-2018-0814 Improper Initialization vulnerability in Microsoft products
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-665
5.5
2018-03-14 CVE-2018-0813 Improper Initialization vulnerability in Microsoft products
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-665
5.5
2018-03-14 CVE-2018-0811 Improper Initialization vulnerability in Microsoft products
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability".
local
low complexity
microsoft CWE-665
5.5
2018-02-26 CVE-2018-0908 Cross-site Scripting vulnerability in Microsoft Identity Manager 2016
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2018-02-26 CVE-2018-7250 Information Exposure vulnerability in multiple products
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc.
local
low complexity
microsoft tivo CWE-200
5.5
2018-02-15 CVE-2018-0869 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016
SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2018-02-15 CVE-2018-0864 Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2013/2016
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2018-02-15 CVE-2018-0855 Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-200
4.3
2018-02-15 CVE-2018-0850 Unspecified vulnerability in Microsoft Office and Outlook
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
network
low complexity
microsoft
6.5