72 matches found
CVE-2023-21716
CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...
CVE-2022-22005
CVE-2022-22005 – Microsoft SharePoint Server RCE is an authenticated-execution flaw in SharePoint Server. The initial document states that an authenticated user with Manage Lists permissions could cause arbitrary .NET code to run on the SharePoint Web Application service account. Exploitation wou...
CVE-2023-36764
CVE-2023-36764 affects Microsoft SharePoint Server and is an Elevation of Privilege vulnerability. The connected CNVD entry confirms an elevation of privilege issue exists in SharePoint Server; MSRC details indicate a patch exists for SharePoint Server 2019 (KB5002472). The remediation requires i...
CVE-2023-24955
CVE-2023-24955 affects Microsoft SharePoint Server and is a remote code execution vulnerability. The CISA/KEV records describe it as a code injection flaw that can be exploited by an authenticated attacker with Site Owner privileges to execute code remotely, indicating attacker-controlled code ex...
CVE-2024-38094
CVE-2024-38094 is a Microsoft SharePoint deserialization vulnerability that allows remote code execution. Connected sources indicate an authenticated attacker with Site Owner permissions can inject and execute arbitrary code on the SharePoint server, with exploit activity noted in the wild (CISA ...
CVE-2022-21968
Technical details about CVE-2022-21968 are not provided in the supplied connected documents. Monitor for updates from official sources to obtain affected products, root cause, impact, and remediation information.
CVE-2022-29108
CVE-2022-29108 affects Microsoft SharePoint Server. The connected docs confirm a remote code execution vulnerability with high impact (CVSS 3.1 base 8.8; CVSS 2.0 base 6.5). Remediation: apply the security update KB5002203 for SharePoint Foundation 2013 and follow Microsoft guidance to mitigate. ...
CVE-2024-21426
CVE-2024-21426 is a Microsoft SharePoint Server remote code execution vulnerability. Publicly documented impact affects multiple SharePoint products, including SharePoint Server 2019, SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and related on-premises deployments. R...
CVE-2023-21742
CVE-2023-21742 affects Microsoft SharePoint Server family. A GitHub PoC for CVE-2023-21742 demonstrates an Improper Access Control path in SharePoint’s webpartpages (POST to _vti_bin/webpartpages.asmx, ConvertWebPartFormat) that leaks an attribute/property; the PoC explicitly notes it is not a fu...
CVE-2022-30172
CVE-2022-30172 is an Microsoft Office information disclosure vulnerability. Connected documents indicate remediation via Microsoft security updates KB5002062/KB5002222/KB5002224/KB5002214 addressing Office/SharePoint components in various Server editions. Exploitation details and affected product...
CVE-2023-24954
Public technical details (affected product, root cause, impact, or fixes) for CVE-2023-24954 are not provided in the connected documents. Monitor for updates from official advisories.
CVE-2022-21837
CVE-2022-21837 is a remote code execution vulnerability in Microsoft SharePoint Server (on‑prem). Connected sources confirm that exploitation could allow an attacker to run arbitrary code on the SharePoint server (e.g., potentially escalate to SharePoint admin) if the vulnerable SharePoint Server...
CVE-2023-21743
Mode C CVE-2023-21743 affects Microsoft SharePoint Server and is a security feature bypass vulnerability. An unauthenticated attacker could bypass authentication and establish an anonymous connection to a vulnerable SharePoint farm. Exploitation requires triggering a SharePoint upgrade action, wh...
CVE-2023-28288
CVE-2023-28288 is a network-exploitable spoofing vulnerability affecting Microsoft SharePoint Server families. Public references (Exploit-DB entry) show a remote exploit against SharePoint Enterprise Server 2016, aligning with the vulnerability class described as spoofing in the CVE record. The C...
CVE-2023-38177
CVE-2023-38177 is a Microsoft SharePoint Server remote code execution vulnerability. Public updates exist for multiple SharePoint products to remediate it: SharePoint Server 2016/Enterprise Server: KB5002517 (build 16.0.5422.1000) SharePoint Server 2019: KB5002526 (build 16.0.10404.20003) SharePo...
CVE-2024-21318
CVE-2024-21318 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. The CVE entry lists a CVSS v3.1 base score of 8.8 ( HIGH ) with network attack vector, low attack complexity, and privileges required as LOW, no user interaction, and impact on confidenti...
CVE-2023-23395
CVE-2023-23395 relates to a spoofing vulnerability in Microsoft SharePoint Server. The connected sources confirm: (1) affected product is SharePoint Server; (2) root cause described as spoofing in SharePoint components; (3) CVSSv3.1 base score of 3.1 (LOW) with network attack vector, high complex...
CVE-2022-21840
CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...
CVE-2023-24950
CVE-2023-24950 is a Microsoft SharePoint Server spoofing vulnerability. Public docs identify affected platforms as SharePoint Server (2016/2019 and Subscription Edition) and describe the root cause as a spoofing flaw in the server, enabling spoofing attacks. The connected Nessus entries tie this ...
CVE-2023-33165
CVE-2023-33165 affects Microsoft SharePoint Server (SharePoint Server 2019 Update). The connected documents identify a security feature bypass vulnerability in SharePoint Server that can bypass security restrictions. Remediation is provided via security update KB5002423 (build 16.0.10400.20008) f...
CVE-2022-24472
CVE-2022-24472 is a Microsoft SharePoint Server spoofing vulnerability. Connected sources confirm affected product family (SharePoint Server variants) and indicate remediation via security updates KB5002191 (SharePoint Server Subscription Edition) and KB5002180 (SharePoint Server 2019), which add...
CVE-2023-21744
CVE-2023-21744 is a Microsoft SharePoint Server remote code execution vulnerability. Connected sources confirm that it affects SharePoint Server products (Foundation 2013, Server 2016/2019 and subscriptions) and that exploitation leads to arbitrary code execution with network access and no user i...
CVE-2024-38018
CVE-2024-38018 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. Connected sources indicate the issue arises from improper handling of serialized instances of the SPThemes class, enabling an attacker to execute arbitrary code on the target system. Repo...
CVE-2023-21717
CVE-2023-21717 affects Microsoft SharePoint Server as an Elevation of Privilege vulnerability. Connected sources confirm affected SharePoint Server family (2013/2016/2019 and Subscription/Foundation variants) with multiple references to CVE-21717 and CVE-21716; the exact root cause is not detaile...
CVE-2022-30157
CVE-2022-30157 relates to Microsoft SharePoint Server remote code execution. CNVD-2022-59590 and the MSRC advisory KB5002224 describe a remote-code-execution vulnerability in SharePoint Server (Subscription Edition included). The patch KB5002224 (June 14, 2022) mitigates this by applying security...
CVE-2023-33129
Technical details about CVE-2023-33129 are not provided in the supplied documents. No specific affected product/version/exploit data is disclosed here. Monitor for updates from official advisories.
CVE-2022-41122
CVE-2022-41122 is described in connected CNVD/NVD sources as a Microsoft SharePoint Server spoofing vulnerability. The CNVD entry notes that an attacker could exploit a specially crafted website to spoof content, tricking users into believing the site is legitimate. The available documents do not...
CVE-2023-33130
Technical details about CVE-2023-33130 (affected product/version, root cause, impact or fixes) are not provided in the connected documents. Monitor for updates from official advisories and sources.
CVE-2024-38023
CVE-2024-38023 affects on-premises Microsoft SharePoint Server. Exploitation path described in connected docs: an attacker with Site Owner permissions can abuse the BDC (Business Data Connectivity) feature via a malicious BDCMetadata.bdcm file to trigger reflective code execution, resulting in RC...
CVE-2022-30158
CVE-2022-30158 corresponds to a Microsoft SharePoint Server remote code execution vulnerability. According to the connected sources, the vulnerability affects Microsoft SharePoint Server with RCE potential impacting confidentiality, integrity, and availability (all High). The CVSS v3.1 score is 8...
CVE-2022-37961
CVE-2022-37961 is a remote code execution vulnerability in Microsoft SharePoint Server. The Connected KB describes a security update (KB5002271) for SharePoint Server Subscription Edition (16.0.x) released around Sep 13, 2022 that resolves this RCE alongside related SharePoint RCE advisories. Aff...
CVE-2022-41061
CVE-2022-41061 is a Microsoft Word remote code execution vulnerability. The CVSS v3.1 base score is 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, and user interaction required; impact is high for confidentiality, integrity, and availability. Affected: Microsoft Word / Office compon...
CVE-2021-42309
CVE-2021-42309 is a remote code execution vulnerability in Microsoft SharePoint Server identified across multiple SharePoint versions (2013/2016/2019 and Subscription Edition). Public sources in the connected documents describe an RCE vector that allows an attacker to bypass authentication or exe...
CVE-2023-33132
Technical details for CVE-2023-33132 are not publicly provided in the supplied documents. Monitor updates from Microsoft and authorities for affected products, remediation steps, and confirmed exploit status.
CVE-2023-33142
Technical details are not publicly provided in the supplied documents. No affected product/version, impact, or remediation details are available here. Monitor for updates from official advisories.
CVE-2023-33157
CVE-2023-33157 is a Microsoft SharePoint RCE affecting on‑premises SharePoint Server / SharePoint Server Subscription Edition. Public documentation associates this CVE with a remote code execution vulnerability in SharePoint that is addressed by July 2023 security updates (KB5002423/KB5002424; bu...
CVE-2022-30171
Technical details about CVE-2022-30171 (affected product/version, root cause, impact, or fixes) are not provided in the connected documents. Monitor for updates.
CVE-2022-41060
CVE-2022-41060 is a Microsoft Word information disclosure vulnerability. The connected documents reference Word/Office components affected by the November 2022 updates and Office Web Apps Server updates (e.g., KB5002261, KB5002276) addressing Word information disclosure and related vulnerabilitie...
CVE-2024-32987
CVE-2024-32987 is a Microsoft SharePoint Server information disclosure vulnerability affecting SharePoint Server on-premises. The connected sources describe an issue where an attacker could obtain sensitive information from SharePoint Server. Impact is limited to information disclosure (no code e...
CVE-2022-44690
CVE-2022-44690 is a Microsoft SharePoint Server Remote Code Execution vulnerability. Public sources classify it as a network-exploitable flaw with high impact (CB> Confidentiality, Integrity, Availability all High) per CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Connected documents confirm...
CVE-2022-41103
CVE-2022-41103 is Microsoft Word Information Disclosure Vulnerability. Connected sources indicate it is referenced alongside Word/Office and SharePoint update bundles (e.g., Word C2R and SharePoint November 2022 patches). The vulnerability is described as information disclosure; no explicit root-...
CVE-2023-36891
Technical details (affected product/version, root cause, impact, exploitation) for CVE-2023-36891 are not provided in the connected documents. The corpus only notes a SharePoint spoofing vulnerability without concrete specifics.
CVE-2023-36894
CVE-2023-36894 is a SharePoint Server information‑disclosure vulnerability affecting on‑premises SharePoint Server installations (2016, 2019, and Subscription Edition). The issue, described in multiple sources, enables an information disclosure that could expose sensitive data. The connected docu...
CVE-2022-21987
CVE-2022-21987 is a Spoofing vulnerability in Microsoft SharePoint Server affecting multiple editions (2013/2016/2019 Subscription Edition). The connected documents confirm the issue allows spoofing content presented to users, potentially deceiving them into believing a site is legitimate. Micros...
CVE-2022-41038
CVE-2022-41038 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. Public documents in the Connected set confirm SharePoint as the affected product and that remediation is delivered via Microsoft security updates (e.g., KB5002287 for SharePoint Server 20...
CVE-2024-38024
CVE-2024-38024 is a Microsoft SharePoint Server remote code execution vulnerability affecting on-premises SharePoint Server. Public sources describe that exploitation can occur when an attacker with site owner privileges injects and executes arbitrary code in the SharePoint service context, enabl...
CVE-2023-36890
CVE-2023-36890 affects Microsoft SharePoint Server (2019 and Subscription Edition). The connected documents confirm a SharePoint Server information disclosure vulnerability that can lead to sensitive data exposure, with impact limited to confidentiality (CVE-2023-36890). The root cause is describ...
CVE-2024-49062
CVE-2024-49062 is a Microsoft SharePoint Information Disclosure vulnerability affecting SharePoint components used in on-premises deployments. The issue is described in the initial entry with a CVSS v3.1 base score of 6.5 (NETWORK, Privileges Required: LOW, User Interaction: NONE) and indicates d...
CVE-2023-33160
CVE-2023-33160 affects Microsoft SharePoint Server (on‑premises) with a remote code execution vulnerability. The entry shows a high severity (CVSS v3.1: 8.8) and public patches exist: KB5002425 (SharePoint Server 2016) and KB5002423 (SharePoint Server 2019), released 2023‑07‑11. Affected products...
CVE-2023-33134
CVE-2023-33134 is a Microsoft SharePoint Server Remote Code Execution vulnerability affecting on‑prem SharePoint deployments. CVSS v3.1: 8.8 (Network, Privileges Needed: Low, User Interaction: None; Impact: Confidentiality, Integrity, Availability). Mitigation/Remediation: Microsoft published upd...