VulnerabilityAlerts

Monitoring new CVE for your stack in your software or environment never easier. No need to setup cronjob to check latest CVE, we do it for you. Get notified in hour unit for new CVE using email or webhook. VulnerabilityAlerts will help you to be always updated for new CVE of your software/library catalogue.

CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21401

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

CVE-2024-21384

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2024-21389

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21393

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21394

Dynamics 365 Field Service Spoofing Vulnerability

CVE-2024-21395

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21396

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21397

Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE-2024-21381

Microsoft Azure Active Directory B2C Spoofing Vulnerability

CVE-2024-21371

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21372

Windows OLE Remote Code Execution Vulnerability

CVE-2024-21374

Microsoft Teams for Android Information Disclosure

CVE-2024-21386

.NET Denial of Service Vulnerability

CVE-2024-21402

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2024-21404

.NET Denial of Service Vulnerability

CVE-2024-21405

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-20667

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2024-20673

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-21327

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2024-21328

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21329

Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE-2024-21342

Windows DNS Client Denial of Service Vulnerability

CVE-2024-21341

Windows Kernel Remote Code Execution Vulnerability

CVE-2024-21341

Windows Kernel Remote Code Execution Vulnerability

CVE-2024-21338

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21340

Windows Kernel Information Disclosure Vulnerability

CVE-2024-21399

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2024-21399

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2024-21388

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-21336

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-21387

Microsoft Edge for Android Spoofing Vulnerability

CVE-2024-21385

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-21383

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-21326

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-20721

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-20709

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2024-21337

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-20675

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-21638

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

CVE-2024-21643

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.

CVE-2024-21319

Microsoft Identity Denial of service vulnerability

CVE-2024-20683

Win32k Elevation of Privilege Vulnerability

CVE-2024-20691

Windows Themes Information Disclosure Vulnerability

CVE-2024-20690

Windows Nearby Sharing Spoofing Vulnerability

CVE-2024-20687

Microsoft AllJoyn API Denial of Service Vulnerability

CVE-2024-20686

Win32k Elevation of Privilege Vulnerability

CVE-2024-20674

Windows Kerberos Security Feature Bypass Vulnerability

CVE-2024-20676

Azure Storage Mover Remote Code Execution Vulnerability

CVE-2024-20680

Windows Message Queuing Client (MSMQC) Information Disclosure

Copyright © 2022 VulnerabilityAlerts

DISCLAIMER:

This site is created by @aryya_id by processing data from National Vulnerability Database (NVD). You are free to use this site for your use case by understanding that there is no guaantee or warranty for data shown in this site. You are understand that content from this website is "as it is" and usage of data or material from this website is solely your reponsibility.