Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-30472 Unspecified vulnerability in Microsoft Telemetry Dashboard 1.0.0.8
Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability.
local
low complexity
microsoft
5.5
2024-03-22 CVE-2024-29057 Unspecified vulnerability in Microsoft Edge
Microsoft Edge (Chromium-based) Spoofing Vulnerability
network
low complexity
microsoft
4.3
2024-03-12 CVE-2024-21419 Cross-site Scripting vulnerability in Microsoft Dynamics 365
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
network
low complexity
microsoft CWE-79
5.4
2024-03-12 CVE-2024-21430 Unspecified vulnerability in Microsoft products
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
high complexity
microsoft
6.4
2024-03-12 CVE-2024-21431 Unspecified vulnerability in Microsoft products
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
local
low complexity
microsoft
6.7
2024-02-13 CVE-2024-20679 Unspecified vulnerability in Microsoft Azure Stack HUB
Azure Stack Hub Spoofing Vulnerability
network
low complexity
microsoft
6.5
2024-01-09 CVE-2024-20692 Exposure of Resource to Wrong Sphere vulnerability in Microsoft products
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
network
low complexity
microsoft CWE-668
5.7
2024-01-09 CVE-2024-21320 Unspecified vulnerability in Microsoft products
Windows Themes Spoofing Vulnerability
network
low complexity
microsoft
6.5
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-12 CVE-2023-36020 Cross-site Scripting vulnerability in Microsoft Dynamics 365
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
network
low complexity
microsoft CWE-79
5.4