CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2024-38094 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38094
Microsoft SharePoint Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint • https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-32987 – Microsoft SharePoint Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-32987
Microsoft SharePoint Server Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2024-38024 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38024
Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2024-38023 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38023
Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33881
https://notcve.org/view.php?id=CVE-2024-33881
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Se descubrió un problema en VirtoSoftware Virto Bulk File Download 5.5.44 para SharePoint 2019. El método Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted permite una fuga de hash NTLMv2 a través de un nombre de ruta compartido UNC en el parámetro de ruta. • https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-400: Uncontrolled Resource Consumption •