Vulnerabilities > Microsoft > Medium

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR / COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|
| 2021-02-09 | CVE-2021-21130 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | network, low complexity | google microsoft | 6.5 |
| 2021-02-09 | CVE-2021-21129 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | network, low complexity | google microsoft | 6.5 |
| 2021-02-09 | CVE-2021-21126 | Improper Input Validation vulnerability in multiple products. Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | network, low complexity | google microsoft CWE-20 | 6.5 |
| 2021-02-09 | CVE-2021-21123 | Improper Input Validation vulnerability in multiple products. Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | network, low complexity | google microsoft CWE-20 | 6.5 |
| 2021-01-21 | CVE-2020-8567 | Path Traversal vulnerability in multiple products. Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. | network, low complexity | google hashicorp microsoft CWE-22 | 6.5 |
| 2020-12-22 | CVE-2020-35609 | Infinite Loop vulnerability in Microsoft Azure Sphere 20.05. A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. | local, low complexity | microsoft CWE-835 | 5.5 |
| 2020-12-09 | CVE-2020-10146 | Cross-site Scripting vulnerability in Microsoft Teams. The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. | network, low complexity | microsoft CWE-79 | 5.4 |
| 2020-10-07 | CVE-2020-26870 | Cross-site Scripting vulnerability in multiple products. Cure53 DOMPurify before 2.0.17 allows mutation XSS. | network, low complexity | cure53 debian microsoft oracle CWE-79 | 6.1 |
| 2020-09-15 | CVE-2020-8927 | Classic Buffer Overflow vulnerability in multiple products. A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. | | | 6.5 |
| 2020-08-17 | CVE-2020-1591 | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0. A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | network, low complexity | microsoft CWE-79 | 5.4 |