Vulnerabilities > Microsoft > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-09 | CVE-2021-21130 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21129 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-02-09 | CVE-2021-21126 | Improper Input Validation vulnerability in multiple products. Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | 6.5 |
2021-02-09 | CVE-2021-21123 | Improper Input Validation vulnerability in multiple products. Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
2021-01-21 | CVE-2020-8567 | Path Traversal vulnerability in multiple products. Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. | 6.5 |
2020-12-22 | CVE-2020-35609 | Infinite Loop vulnerability in Microsoft Azure Sphere 20.05. A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. | 5.5 |
2020-12-09 | CVE-2020-10146 | Cross-site Scripting vulnerability in Microsoft Teams. The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. | 5.4 |
2020-10-07 | CVE-2020-26870 | Cross-site Scripting vulnerability in multiple products. Cure53 DOMPurify before 2.0.17 allows mutation XSS. | 6.1 |
2020-09-15 | CVE-2020-8927 | Classic Buffer Overflow vulnerability in multiple products. A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. | 6.5 |
2020-08-17 | CVE-2020-1591 | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0. A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |