The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | -- | Feb 13, 2024 | n/a |
| CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | -- | Mar 12, 2024 | n/a |
| CVE-2024-20672 | .NET Denial of Service Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | -- | Feb 13, 2024 | n/a |
| CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20675 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | -- | Jan 11, 2024 | n/a |
| CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20677 | A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. | -- | Jan 9, 2024 | n/a |
| CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | -- | Feb 13, 2024 | n/a |
| CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure | -- | Jan 9, 2024 | n/a |
| CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | -- | Feb 13, 2024 | n/a |
| CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | -- | Feb 13, 2024 | n/a |
| CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20709 | Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 16, 2024 | n/a |
| CVE-2024-20710 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 10, 2024 | n/a |
| CVE-2024-20711 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 10, 2024 | n/a |
| CVE-2024-20712 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 10, 2024 | n/a |
| CVE-2024-20713 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 10, 2024 | n/a |
| CVE-2024-20714 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 10, 2024 | n/a |
| CVE-2024-20715 | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 10, 2024 | n/a |
| CVE-2024-20716 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20717 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20718 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20719 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20720 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20721 | Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Jan 16, 2024 | n/a |
| CVE-2024-20722 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20723 | Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20724 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Feb 16, 2024 | n/a |
| CVE-2024-20725 | Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | -- | Feb 16, 2024 | n/a |
