Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Improper input validation in Power BI allows an authorized attacker to execute code over a network.