Vulnerabilities > Microsoft > Low

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-28312 Unspecified vulnerability in Microsoft products
Windows NTFS Denial of Service Vulnerability
local
low complexity
microsoft
3.3
2021-01-11 CVE-2020-24003 Unspecified vulnerability in Microsoft Skype 8.59.0.77
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
local
low complexity
microsoft
2.1
2020-12-22 CVE-2020-35609 Injection vulnerability in Microsoft Azure Sphere 20.05
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05.
local
low complexity
microsoft CWE-74
2.1
2020-12-10 CVE-2020-17097 Unspecified vulnerability in Microsoft products
Windows Digital Media Receiver Elevation of Privilege Vulnerability
local
low complexity
microsoft
3.3
2020-12-09 CVE-2020-10146 Cross-site Scripting vulnerability in Microsoft Teams
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands.
network
microsoft CWE-79
3.5
2020-12-08 CVE-2020-26233 Use of Incorrectly-Resolved Name or Reference vulnerability in Microsoft GIT Credential Manager Core
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS.
network
high complexity
microsoft CWE-706
3.6
2020-11-11 CVE-2020-17020 Unspecified vulnerability in Microsoft 365 Apps, Office and Word
Microsoft Word Security Feature Bypass Vulnerability
local
low complexity
microsoft
3.3
2020-07-14 CVE-2020-1326 Cross-site Scripting vulnerability in Microsoft Azure Devops Server 2019/2019.0.1
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
network
microsoft CWE-79
3.5
2020-07-14 CVE-2020-1330 Information Exposure vulnerability in Microsoft products
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-200
2.1
2020-07-14 CVE-2020-1333 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.
local
high complexity
microsoft CWE-269
3.7