CVSS: 7.8EPSS: 17%CPEs: 3EXPL: 0CVE-2024-43466 – Microsoft SharePoint Server Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43466
10 Sep 2024 — Microsoft SharePoint Server Denial of Service Vulnerability This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPAutoSerializingObject class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43466 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 75%CPEs: 3EXPL: 1CVE-2024-38094 – Microsoft SharePoint Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-38094
09 Jul 2024 — Microsoft SharePoint Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. • https://packetstorm.news/files/id/179460 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 13%CPEs: 3EXPL: 0CVE-2024-32987 – Microsoft SharePoint Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-32987
09 Jul 2024 — Microsoft SharePoint Server Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.3EPSS: 72%CPEs: 3EXPL: 1CVE-2024-38024 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38024
09 Jul 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the FindSpecific method. The process does not properly restrict a user-supplied argument before using it to create an instance of an ... • https://packetstorm.news/files/id/179460 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 72%CPEs: 3EXPL: 1CVE-2024-38023 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38023
09 Jul 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://packetstorm.news/files/id/179460 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33881
https://notcve.org/view.php?id=CVE-2024-33881
24 Jun 2024 — An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Se descubrió un problema en VirtoSoftware Virto Bulk File Download 5.5.44 para SharePoint 2019. El método Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted permite una fuga de hash NTLMv2 a través de un nombre de ruta compartido UNC en el parámetro de ruta. • https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2024-30100 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30100
11 Jun 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100 • CWE-426: Untrusted Search Path •
CVSS: 8.3EPSS: 58%CPEs: 3EXPL: 0CVE-2024-30044 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30044
14 May 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 41%CPEs: 3EXPL: 1CVE-2024-30043 – Microsoft SharePoint Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30043
14 May 2024 — Microsoft SharePoint Server Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft SharePoint Server This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the BaseXmlDataSource class. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML ... • https://github.com/W01fh4cker/CVE-2024-30043-XXE • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26251 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-26251
09 Apr 2024 — Microsoft SharePoint Server Spoofing Vulnerability Vulnerabilidad de suplantación de identidad de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •