CVSS: 8.3EPSS: 75%CPEs: 3EXPL: 1CVE-2024-38094 – Microsoft SharePoint Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-38094
09 Jul 2024 — Microsoft SharePoint Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. • https://packetstorm.news/files/id/179460 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 13%CPEs: 3EXPL: 0CVE-2024-32987 – Microsoft SharePoint Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-32987
09 Jul 2024 — Microsoft SharePoint Server Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.3EPSS: 72%CPEs: 3EXPL: 1CVE-2024-38024 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38024
09 Jul 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the FindSpecific method. The process does not properly restrict a user-supplied argument before using it to create an instance of an ... • https://packetstorm.news/files/id/179460 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.3EPSS: 72%CPEs: 3EXPL: 1CVE-2024-38023 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38023
09 Jul 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://packetstorm.news/files/id/179460 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33881
https://notcve.org/view.php?id=CVE-2024-33881
24 Jun 2024 — An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Se descubrió un problema en VirtoSoftware Virto Bulk File Download 5.5.44 para SharePoint 2019. El método Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted permite una fuga de hash NTLMv2 a través de un nombre de ruta compartido UNC en el parámetro de ruta. • https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2024-30100 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30100
11 Jun 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100 • CWE-426: Untrusted Search Path •
CVSS: 9.0EPSS: 68%CPEs: 3EXPL: 0CVE-2024-21318 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21318
09 Jan 2024 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 4%CPEs: 3EXPL: 0CVE-2023-38177 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38177
14 Nov 2023 — Microsoft SharePoint Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38177 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: 11EXPL: 0CVE-2023-36762 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36762
12 Sep 2023 — Microsoft Word Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código de Microsoft Word • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 11%CPEs: 3EXPL: 0CVE-2023-36764 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36764
12 Sep 2023 — Microsoft SharePoint Server Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios de Microsoft SharePoint Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764 • CWE-73: External Control of File Name or Path •