Search Results
- Results Type: Overview
- Keyword (text search): microsoft
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability Published: January 09, 2024; 1:15:55 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability Published: January 09, 2024; 1:15:55 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability Published: January 09, 2024; 1:15:54 PM -0500 | V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Published: January 09, 2024; 1:15:52 PM -0500 | V4.0:(not available) V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability Published: January 09, 2024; 1:15:52 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-20677 | A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. Published: January 09, 2024; 1:15:50 PM -0500 | V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability Published: January 09, 2024; 1:15:49 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability Published: January 09, 2024; 1:15:49 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability Published: January 09, 2024; 1:15:49 PM -0500 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Published: January 09, 2024; 1:15:48 PM -0500 | V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability Published: January 09, 2024; 1:15:48 PM -0500 | V4.0:(not available) V3.1: 6.6 MEDIUM V2.0:(not available) |
CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability Published: January 09, 2024; 1:15:48 PM -0500 | V4.0:(not available) V3.1: 8.0 HIGH V2.0:(not available) |
CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability Published: January 09, 2024; 1:15:47 PM -0500 | V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Published: January 09, 2024; 1:15:46 PM -0500 | V4.0:(not available) V3.1: 8.7 HIGH V2.0:(not available) |
CVE-2024-22125 | Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. Published: January 08, 2024; 9:15:46 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-21632 | omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. Published: January 02, 2024; 5:15:10 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-51663 | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access. Published: December 29, 2023; 12:16:07 PM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-51662 | The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. Published: December 22, 2023; 12:15:10 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-36878 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Published: December 14, 2023; 8:15:07 PM -0500 | V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Published: December 12, 2023; 1:15:22 PM -0500 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |