Filtered by vendor Microsoft
Subscribe
Total
21917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35252 | 1 Microsoft | 1 Azure Storage Data Movement Library | 2024-11-21 | N/A | 7.5 HIGH |
| Azure Storage Movement Client Library Denial of Service Vulnerability | |||||
| CVE-2024-35249 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | |||||
| CVE-2024-35248 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-11-21 | N/A | 7.3 HIGH |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
| CVE-2024-35178 | 2 Jupyter, Microsoft | 2 Jupyter Server, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1. | |||||
| CVE-2024-34122 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-11-21 | N/A | 7.8 HIGH |
| Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-33881 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. | |||||
| CVE-2024-33879 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter. | |||||
| CVE-2024-32987 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2024-32152 | 3 Ankitects, Linux, Microsoft | 3 Anki, Linux Kernel, Windows | 2024-11-21 | N/A | 3.1 LOW |
| A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability. | |||||
| CVE-2024-30472 | 2 Dell, Microsoft | 2 Thinos, Telemetry Dashboard | 2024-11-21 | N/A | 7.5 HIGH |
| Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. | |||||
| CVE-2024-30105 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2024-30104 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2024-30103 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-30102 | 1 Microsoft | 1 365 Apps | 2024-11-21 | N/A | 7.3 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2024-30101 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2024-30100 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-30099 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-30098 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | |||||
| CVE-2024-30097 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | |||||
| CVE-2024-30096 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||