Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-38167 Unspecified vulnerability in Microsoft .Net and Visual Studio 2022
.NET and Visual Studio Information Disclosure Vulnerability
network
low complexity
microsoft
6.5
6.5
2024-08-13 CVE-2024-38173 Unspecified vulnerability in Microsoft products
Microsoft Outlook Remote Code Execution Vulnerability
local
high complexity
microsoft
6.7
6.7
2024-08-13 CVE-2024-38197 Unspecified vulnerability in Microsoft Teams 5.12.1
Microsoft Teams for iOS Spoofing Vulnerability
network
low complexity
microsoft
6.5
6.5
2024-08-13 CVE-2024-38213 Unspecified vulnerability in Microsoft products
Windows Mark of the Web Security Feature Bypass Vulnerability
network
low complexity
microsoft
6.5
6.5
2024-08-13 CVE-2024-38214 Unspecified vulnerability in Microsoft products
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
network
low complexity
microsoft
6.5
6.5
2024-08-13 CVE-2024-38223 Unspecified vulnerability in Microsoft products
Windows Initial Machine Configuration Elevation of Privilege Vulnerability
low complexity
microsoft
6.8
6.8
2024-08-12 CVE-2024-38200 Unspecified vulnerability in Microsoft products
Microsoft Office Spoofing Vulnerability
network
low complexity
microsoft
6.5
6.5
2024-08-08 CVE-2024-21302 Unspecified vulnerability in Microsoft products
Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS.
local
low complexity
microsoft
6.7
6.7
2024-08-06 CVE-2024-38166 Cross-site Scripting vulnerability in Microsoft Dynamics CRM Service Portal web Resource
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
network
low complexity
microsoft CWE-79
6.1
6.1
2024-08-06 CVE-2024-38206 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Copilot Studio
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
network
low complexity
microsoft CWE-918
6.5
6.5