Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2021-38012: Chromium: CVE-2021-38012 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

Microsoft Security Response Center
Open in Source
#microsoft#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2021-38017: Chromium: CVE-2021-38017 Insufficient policy enforcement in iframe sandbox

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38015: Chromium: CVE-2021-38015 Inappropriate implementation in input

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-43220: Microsoft Edge for iOS Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-42308: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1054.29 11/19/2021 96.0.4664.45

CVE-2021-35534

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; ...

CVE-2021-41165: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

CVE-2021-41165: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

CVE-2021-33106: INTEL-SA-00584

Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2021-43551

A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim’s user permissions.