CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8

CVE-2024-49054: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability

CVE-2024-11117: Chromium: CVE-2024-11117 Inappropriate implementation in FileSystem

CVE-2024-11116: Chromium: CVE-2024-11116 Inappropriate implementation in Paint

**How could an attacker exploit the vulnerability?**

An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.

Headline

CVE-2024-38023: Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News