The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.
The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel. Rated medium severity (CVSS 4.7).
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and. Rated medium severity (CVSS 4.7).
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.