Vulnerabilities > Microsoft > Windows Server 2016 > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-21 | CVE-2020-1078 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 4.6 |
2020-05-21 | CVE-2020-1077 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-05-21 | CVE-2020-1055 | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'. | 4.3 |
2020-05-21 | CVE-2020-1021 | Race Condition vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. | 4.6 |
2020-05-21 | CVE-2020-0963 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2020-05-21 | CVE-2020-0909 | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'. | 5.0 |
2020-04-15 | CVE-2020-1020 | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. | 6.8 |
2020-04-15 | CVE-2020-0993 | Resource Exhaustion vulnerability in Microsoft products A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. | 6.8 |
2020-04-15 | CVE-2020-0981 | Injection vulnerability in Microsoft Windows 10 and Windows Server 2016 A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'. | 4.6 |
2020-04-15 | CVE-2020-0965 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 4.6 |