Security Vulnerabilities - CVEs Published In February 2024
Dynamics 365 Sales Spoofing Vulnerability
CVSS Score
7.6
EPSS Score
0.008
Published
2024-02-13
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVSS Score
7.3
EPSS Score
0.007
Published
2024-02-13
Insufficient verification of data authenticity in
the configuration state machine may allow a local attacker to potentially load
arbitrary bitstreams.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-02-13
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-02-13
Azure DevOps Server Remote Code Execution Vulnerability
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-13
Microsoft Office Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2024-02-13
Azure Stack Hub Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.005
Published
2024-02-13
Windows Hyper-V Denial of Service Vulnerability
CVSS Score
6.5
EPSS Score
0.002
Published
2024-02-13
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-13
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)
CVSS Score
6.1
EPSS Score
0.004
Published
2024-02-13