The Consensus Security Vulnerability Alert

#ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400

Published: 2024-04-16

Last Updated: 2024-04-16 21:14:12 UTC

by Johannes Ullrich (Version: 1)

The Palo Alto Networks vulnerability has been analyzed in depth by various sources and exploits.

We have gotten several reports of exploits being attempted against GlobalProtect installs. In addition, we see scans for the GlobalProtect login page, but these scans predated the exploit. VPN gateways have always been the target of exploits like brute forcing or credential stuffing attacks. ...

The exploit does exploit a path traversal vulnerability. The session ID ("SESSID" cookie) creates a file. This vulnerability can create a file in a telemetry directory, and the content will be executed (see the Watchtwr blog for more details).

Read the full entry:

https://isc.sans.edu/diary/Palo+Alto+Networks+GlobalProtect+exploit+public+and+widely+exploited+CVE20243400/30844/

Quick Palo Alto Networks Global Protect Vulnerability Update (CVE-2024-3400)

Published: 2024-04-15

Last Updated: 2024-04-15 23:56:55 UTC

by Johannes Ullrich (Version: 1)

This is a quick update to our initial diary from this weekend [CVE-2024-3400].

At this point, we are not aware of a public exploit for this vulnerability. The widely shared GitHub exploit is almost certainly fake.

As promised, Palo Alto delivered a hotfix for affected versions on Sunday (close to midnight Eastern Time).

One of our readers, Mark, observed attacks attempting to exploit the vulnerability from two IP addresses:

*An Akamai/Linode IP address. We do not have any reports from this IP address. Shodan suggests that the system may have recently hosted a WordPress site.

*A system in Singapore that has been actively scanning various ports in March and April.

According to Mark, the countermeasure of disabling telemetry worked. The attacks where directed at various GlobalProtect installs, missing recently deployed instances. This could be due to the attacker using a slightly outdated target list.

Please let us know if you observe any additional attacks or if you come across exploits for this vulnerability.

Read the full entry:

https://isc.sans.edu/diary/Quick+Palo+Alto+Networks+Global+Protect+Vulnerablity+Update+CVE20243400/30838/

Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)

Published: 2024-04-13

Last Updated: 2024-04-15 12:28:02 UTC

by Johannes Ullrich (Version: 1)

On Friday, Palo Alto Networks released an advisory warning users of Palo Alto's Global Protect product of a vulnerability that has been exploited since March [1].

Volexity discovered the vulnerability after one of its customers was compromised [2]. The vulnerability allows for arbitrary code execution. A GitHub repository claimed to include an exploit (it has been removed by now). But the exploit may have been a fake and not the actual exploit. It appeared a bit too simplistic (hopefully). I had no chance to test it.

Assume Compromise

According to Volexity, exploit attempts for this vulnerability were observed as early as March 26th.

Workarounds

GlobalProtect is only vulnerable if telemetry is enabled. Telemetry is enabled by default, but as a "quick fix", you may want to disable telemetry. Palo Alto Threat Prevention subscribers can enable Threat ID 95187 to block the exploit.

Patch

A patch was made available late on April 14th. Consider expediting the patch, but some testing should be performed to mitigate the risk of a "rushed out" patch.

[1] https://security.paloaltonetworks.com/CVE-2024-3400

[2] https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400

Read the full entry:

https://isc.sans.edu/diary/Critical+Palo+Alto+GlobalProtect+Vulnerability+Exploited+CVE20243400/30834/

Malicious PDF File Used As Delivery Mechanism (2024.04.17)

https://isc.sans.edu/diary/Malicious+PDF+File+Used+As+Delivery+Mechanism/30848/

Rolling Back Packages on Ubuntu/DebianRolling Back Packages on Ubuntu/Debian (2024.04.16)

https://isc.sans.edu/diary/Rolling+Back+Packages+on+UbuntuDebian/30842/

Building a Live SIFT USB with Persistence (2024.04.12)

https://isc.sans.edu/diary/Building+a+Live+SIFT+USB+with+Persistence/30832/

Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness (2024.04.11)

https://isc.sans.edu/diary/Evolution+of+Artificial+Intelligence+Systems+and+Ensuring+Trustworthiness/30828/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

Product: Palo Alto Networks PAN-OSCVSS Score: 10.0** KEV since 2024-04-12 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3400ISC Diary: https://isc.sans.edu/diary/30834ISC Podcast: https://isc.sans.edu/podcastdetail/8938NVD References: - https://security.paloaltonetworks.com/CVE-2024-3400- https://unit42.paloaltonetworks.com/cve-2024-3400/- https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/CVE-2024-24576 - Rust had a critical vulnerability in its standard library prior to version 1.77.2 on Windows, allowing attackers to execute arbitrary shell commands by bypassing escaping when invoking batch files with untrusted arguments.Product: RustCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24576ISC Podcast: https://isc.sans.edu/podcastdetail/8934NVD References: - https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput- https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg- https://doc.rust-lang.org/std/process/struct.Command.html- https://doc.rust-lang.org/std/process/struct.Command.html#method.arg- https://doc.rust-lang.org/std/process/struct.Command.html#method.args- https://github.com/rust-lang/rust/issues- https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/- https://www.rust-lang.org/policies/securityCVE-2024-20758 - Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier contain an Improper Input Validation vulnerability that could allow arbitrary code execution without user interaction, with a high attack complexity.Product: Adobe CommerceCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20758ISC Podcast: https://isc.sans.edu/podcastdetail/8934NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.htmlCVE-2024-20759 - Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are vulnerable to stored Cross-Site Scripting (XSS) allowing high-privileged attackers to inject malicious scripts into form fields, potentially executing malicious JavaScript in victim browsers with high admin impact.Product: Adobe CommerceCVSS Score: 8.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20759ISC Podcast: https://isc.sans.edu/podcastdetail/8934NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.htmlCVE-2024-29990 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege VulnerabilityProduct: Microsoft Azure Kubernetes ServiceCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29990MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990CVE-2024-26234 - Proxy Driver Spoofing VulnerabilityProduct: Microsoft Windows ServerCVSS Score: 6.7NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26234ISC Podcast: https://isc.sans.edu/podcastdetail/8934MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234CVE-2023-6318 through CVE-2023-6320 - LG webOS multiple vulnerabilitiesProduct: LG webOSCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6318NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6319NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6320NVD References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/CVE-2023-41677 - Fortinet FortiProxy and FortiOS are vulnerable to unauthorized code execution through targeted social engineering attacks due to insufficiently protected credentials.Product: Fortinet FortiProxyCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41677ISC Podcast: https://isc.sans.edu/podcastdetail/8934NVD References: https://fortiguard.com/psirt/FG-IR-23-493CVE-2023-45590 - Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 is vulnerable to code injection attacks, enabling malicious execution of unauthorized code via visit to a malicious website.Product: Fortinet FortiClientLinuxCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45590NVD References: https://fortiguard.com/psirt/FG-IR-23-087CVE-2024-1813 - The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection up to version 2.11.0, allowing unauthenticated attackers to inject a PHP Object and potentially delete files, retrieve data, or execute code.Product: WordPress Simple Job Board pluginCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1813NVD References: - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051715%40simple-job-board&old=3038476%40simple-job-board&sfp_email=&sfph_mail=- https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=cveCVE-2024-2804 - The Network Summary plugin for WordPress is vulnerable to SQL Injection through the 'category' parameter in …

Product: Rust

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24576

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References:

- https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput

- https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg

- https://doc.rust-lang.org/std/process/struct.Command.html

- https://doc.rust-lang.org/std/process/struct.Command.html#method.arg

- https://doc.rust-lang.org/std/process/struct.Command.html#method.args

- https://github.com/rust-lang/rust/issues

- https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/

- https://www.rust-lang.org/policies/security

Product: Adobe Commerce

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20758

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.html

Product: Adobe Commerce

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20759

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References: https://helpx.adobe.com/security/products/magento/apsb24-18.html

Product: Microsoft Azure Kubernetes Service

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29990

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990

Product: Microsoft Windows Server

CVSS Score: 6.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26234

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234

Product: LG webOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6318

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6319

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6320

NVD References: https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

Product: Fortinet FortiProxy

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41677

ISC Podcast: https://isc.sans.edu/podcastdetail/8934

NVD References: https://fortiguard.com/psirt/FG-IR-23-493

Product: Fortinet FortiClientLinux

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45590

NVD References: https://fortiguard.com/psirt/FG-IR-23-087

Product: WordPress Simple Job Board plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1813

NVD References:

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051715%40simple-job-board&old=3038476%40simple-job-board&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=cve

Product: WordPress Network Summary plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2804

NVD References:

- https://plugins.trac.wordpress.org/browser/network-summary/trunk/includes/class-network-summary.php#L225

- https://www.wordfence.com/threat-intel/vulnerabilities/id/3320c182-b1f9-4e06-92ea-0fa670557dd0?source=cve

Product: MasterStudy LMS plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3136

NVD References:

- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php

- https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve

Product: Sngrep

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3119

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3120

NVD References:

- https://github.com/irontec/sngrep/pull/480/commits/73c15c82d14c69df311e05fa75da734faafd365f

- https://github.com/irontec/sngrep/pull/480/commits/f229a5d31b0be6a6cc3ab4cd9bfa4a1b5c5714c6

- https://github.com/irontec/sngrep/releases/tag/v1.8.1

- https://pentraze.com/vulnerability-reports/

Product: Traccar

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31214

NVD References:

- https://github.com/traccar/traccar/blob/master/src/main/java/org/traccar/model/Device.java#L56

- https://github.com/traccar/traccar/blob/v5.12/src/main/java/org/traccar/api/resource/DeviceResource.java#L191

- https://github.com/traccar/traccar/commit/3fbdcd81566bc72e319ec05c77cf8a4120b87b8f

- https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9

Product: Plane open-source project management toolCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31461NVD References: - https://github.com/makeplane/plane/commit/4b0ccea1461b7ca38761dfe0d0f07c2f94425005- https://github.com/makeplane/plane/commit/d887b780aea5efba3f3d28c47d7d83f8b3e1e21c- https://github.com/makeplane/plane/pull/3323- https://github.com/makeplane/plane/pull/3333- https://github.com/makeplane/plane/security/advisories/GHSA-j77v-w36v-63v6CVE-2024-31465, CVE-2024-31981 through CVE-2024-31984, CVE-2024-31986 through CVE-2024-31988, CVE-2024-31996, CVE-2024-31997 - XWiki Platform multiple remote code execution vulnerabilitiesCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31465NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31981NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31982NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31983NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31984NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31986NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31987NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31988NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31996NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31997NVD References: - https://jira.xwiki.org/browse/XWIKI-21474- https://jira.xwiki.org/browse/XWIKI-21337- https://jira.xwiki.org/browse/XWIKI-21472- https://jira.xwiki.org/browse/XWIKI-21411- https://jira.xwiki.org/browse/XWIKI-21471- https://jira.xwiki.org/browse/XWIKI-21416- https://jira.xwiki.org/browse/XWIKI-21478- https://jira.xwiki.org/browse/XWIKI-21424- https://jira.xwiki.org/browse/XWIKI-21438- https://jira.xwiki.org/browse/XWIKI-21335CVE-2024-25912 - Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.Product: Skymoonlabs MoveToCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25912NVD References: https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cveCVE-2024-21508 - MySQL2 before 3.9.4 allows for Remote Code Execution through improper validation of supportBigNumbers and bigNumberStrings values in the readCodeFor function.Product: MySQL2CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21508NVD References: - https://blog.slonser.info/posts/mysql2-attacker-configuration/- https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21- https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805- https://github.com/sidorares/node-mysql2/pull/2572- https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4- https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085CVE-2023-51409 - Jordy Meow AI Engine: ChatGPT Chatbot is vulnerable to unrestricted file upload with dangerous types from version n/a through 1.9.98.Product: Jordy Meow ChatGPT ChatbotCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51409NVD References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cveCVE-2024-3704 - OpenGnsys product version 1.1.1d (Espeto) is vulnerable to SQL Injection, allowing attackers to inject malicious code and access sensitive database information.Product: OpenGnsysCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3704NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsysCVE-2024-28878 - IO-1020 Micro ELD is vulnerable to code execution attacks due to downloading and running unverified code from nearby sources.Product: IO-1020 Micro ELDCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28878NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01CVE-2024-3765 - Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M are vulnerable to a critical manipulation vulnerability in the Sofia Service component, allowing for improper access controls and remote attacks.Product: Xiongmai Sofia ServiceCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3765NVD References: - https://github.com/netsecfish/xiongmai_incorrect_access_control- https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py- https://vuldb.com/?ctiid.260605- https://vuldb.com/?id.260605- https://vuldb.com/?submit.311903CVE-2024-29836 & CVE-2024-29844 - Evolution Controller multiple vulnerabilitiesProduct: Evolution Networks Evolution ControllerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29836NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29844NVD References: https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.htmlCVE-2024-3777 - The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any u…

Product: Skymoonlabs MoveTo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25912

NVD References: https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve

Product: MySQL2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21508

NVD References:

- https://blog.slonser.info/posts/mysql2-attacker-configuration/

- https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21

- https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805

- https://github.com/sidorares/node-mysql2/pull/2572

- https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4

- https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085

Product: Jordy Meow ChatGPT Chatbot

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51409

NVD References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

Product: OpenGnsys

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3704

NVD References:

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys

Product: IO-1020 Micro ELD

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28878

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01

Product: Xiongmai Sofia Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3765

NVD References:

- https://github.com/netsecfish/xiongmai_incorrect_access_control

- https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py

- https://vuldb.com/?ctiid.260605

- https://vuldb.com/?id.260605

- https://vuldb.com/?submit.311903

Product: Evolution Networks Evolution Controller

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29836

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29844

NVD References:

Product: Ai3 QbiBot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3777

NVD References: https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html

Product: Realtyna Organic IDX plugin

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32128

NVD References: https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-wpl-real-estate-plugin-4-14-4-unauthenticated-sql-injection-vulnerability?_s_id=cve

Product: WBSAirback 21.02.04

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3781

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions

Product: Combodo iTop

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48710

NVD References:

- https://github.com/Combodo/iTop/commit/3b2da39469f7a4636ed250ed0d33f4efff38be26

- https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfc

Product: Kohya_ss

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32022

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32025

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32026

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32027

NVD References: https://github.com/bmaltais/kohya_ss/commit/831af8babeb75faff62bcc6a8c6a4f80354f1ff1

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-m6jq-7j4v-2fg3

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-qprv-9pg5-h33c

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-v5cm-33w8-xrj6

NVD References: https://github.com/bmaltais/kohya_ss/security/advisories/GHSA-8h78-3vqm-xw83

Product: Oracle Hospitality SimphonyCVSS Score: 9.8 - 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20997NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21010NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21014NVD References: https://www.oracle.com/security-alerts/cpuapr2024.htmlCVE-2024-21071 - Oracle Workflow in Oracle E-Business Suite versions 12.2.3-12.2.13 is susceptible to an easily exploitable vulnerability that allows a high privileged attacker to compromise the system and potentially impact additional products.Product: Oracle E-Business SuiteCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21071NVD References: https://www.oracle.com/security-alerts/cpuapr2024.htmlCVE-2024-21082 - The Oracle BI Publisher product of Oracle Analytics (component: XML Services) has a critical vulnerability that can be exploited by an unauthenticated attacker with network access via HTTP to compromise and takeover Oracle BI Publisher.Product: Oracle BI PublisherCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21082NVD References: https://www.oracle.com/security-alerts/cpuapr2024.htmlCVE-2024-20670 - Outlook for Windows Spoofing VulnerabilityProduct: Microsoft OutlookCVSS Score: 8.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20670MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670CVE-2024-20678 - Remote Procedure Call Runtime Remote Code Execution VulnerabilityProduct: Microsoft Windows Operating SystemCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20678MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678CVE-2024-20688, CVE-2024-20689, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-28896, CVE-2024-28920, CVE-2024-28925, CVE-2024-29061, & CVE-2024-29061 - Secure Boot Security Feature Bypass VulnerabilitiesProduct: Microsoft WindowsCVSS Scores: 7.1 - 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20688NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20689NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26175NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26180NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26189NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26194NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26240NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28896NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28920NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28925NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29061NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29062MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege VulnerabilitiesProduct: Microsoft Windows KernelCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218 CVE-2024-21322 through CVE-2024-21324, CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution VulnerabilitiesProduct: Microsoft Defender for IoTCVSS Scores: 7.2 - 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055 CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote…

Product: Oracle BI Publisher

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21082

NVD References: https://www.oracle.com/security-alerts/cpuapr2024.html

Product: Microsoft Outlook

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20670

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20670

Product: Microsoft Windows Operating SystemCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20678MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20678CVE-2024-20688, CVE-2024-20689, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-28896, CVE-2024-28920, CVE-2024-28925, CVE-2024-29061, & CVE-2024-29061 - Secure Boot Security Feature Bypass VulnerabilitiesProduct: Microsoft WindowsCVSS Scores: 7.1 - 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20688NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20689NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26175NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26180NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26189NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26194NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26240NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28896NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28920NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28925NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29061NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29062MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20688MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20689MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26175MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26180MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26194MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26240MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28896MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28920MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28925MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29061MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29062CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege VulnerabilitiesProduct: Microsoft Windows KernelCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218 CVE-2024-21322 through CVE-2024-21324, CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution VulnerabilitiesProduct: Microsoft Defender for IoTCVSS Scores: 7.2 - 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055 CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityProduct: Microsoft .NET Framework and Visual StudioCVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21409MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409CVE-2024-21447 - Windows Authentication Elevation of Privilege VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21447MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447CVE-2024-26158 - Microsoft Install Service Elevation of Privilege VulnerabilityProduct: Microsoft Install ServiceCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26158MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilitiesProduct: Microsoft Windows Routing and Remote Access Service (RRAS)CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26179NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26200NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26205MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 - DHCP …

CVE-2024-20693 & CVE-2024-26218 - Windows Kernel Elevation of Privilege VulnerabilitiesProduct: Microsoft Windows KernelCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20693NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26218MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20693MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26218 CVE-2024-21322 through CVE-2024-21324, CVE-2024-29053 through CVE-2024-29055 - Microsoft Defender for IoT Remote Code Execution VulnerabilitiesProduct: Microsoft Defender for IoTCVSS Scores: 7.2 - 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21322NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21323NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21324NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29053NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29054NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29055MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055 CVE-2024-21409 - .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityProduct: Microsoft .NET Framework and Visual StudioCVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21409MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409CVE-2024-21447 - Windows Authentication Elevation of Privilege VulnerabilityProduct: Microsoft WindowsCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21447MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447CVE-2024-26158 - Microsoft Install Service Elevation of Privilege VulnerabilityProduct: Microsoft Install ServiceCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26158MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilitiesProduct: Microsoft Windows Routing and Remote Access Service (RRAS)CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26179NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26200NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26205MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 - DHCP Server Service Remote Code Execution VulnerabilitiesProduct: Microsoft DHCP Server ServiceCVSS Score: 7.2 - 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26195NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26202NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26212NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26215MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215CVE-2024-26208 & CVE-2024-26232 - Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilitiesProduct: Microsoft Message Queuing (MSMQ)CVSS Scores: 7.2 - 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26208NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26232MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232 CVE-2024-26210 & CVE-2024-26244- Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution VulnerabilitiesProduct: Microsoft WDAC OLE DB ProviderCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26210NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26244MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244CVE-2024-26214 - Microsoft WDAC SQL Server ODBC Driver Remote Code Execution VulnerabilityProduct: Microsoft SQL Server ODBC DriverCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214CVE-2024-26216 - Windows File Server Resource Management Service Elevation of Privilege VulnerabilityProduct: Microsoft Windows File ServerCVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26216MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216 CVE-2…

Product: Microsoft .NET Framework and Visual Studio

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21409

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409

Product: Microsoft Windows

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21447

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21447

Product: Microsoft Install ServiceCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26158MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilitiesProduct: Microsoft Windows Routing and Remote Access Service (RRAS)CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26179NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26200NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26205MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26179MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26200MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26205CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 - DHCP Server Service Remote Code Execution VulnerabilitiesProduct: Microsoft DHCP Server ServiceCVSS Score: 7.2 - 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26195NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26202NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26212NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26215MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215CVE-2024-26208 & CVE-2024-26232 - Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilitiesProduct: Microsoft Message Queuing (MSMQ)CVSS Scores: 7.2 - 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26208NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26232MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232 CVE-2024-26210 & CVE-2024-26244- Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution VulnerabilitiesProduct: Microsoft WDAC OLE DB ProviderCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26210NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26244MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244CVE-2024-26214 - Microsoft WDAC SQL Server ODBC Driver Remote Code Execution VulnerabilityProduct: Microsoft SQL Server ODBC DriverCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214CVE-2024-26216 - Windows File Server Resource Management Service Elevation of Privilege VulnerabilityProduct: Microsoft Windows File ServerCVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26216MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216 CVE-2024-26219 - HTTP.sys Denial of Service VulnerabilityProduct: Microsoft HTTP.sysCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26219MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26219CVE-2024-26221 through CVE-2024-26224, CVE-2024-26227 - Windows DNS Server Remote Code Execution VulnerabilitiesProduct: Windows DNS ServerCVSS Score: 7.2NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26221NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26222NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26223NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26224NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26227MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26222MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26223MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26227CVE-2024-26231 & CVE-2024-26233 - Windows DNS Server Remote Code Execution VulnerabilityProduct: Microsoft Windows DNS ServerCVSS Score: 7.2NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26231NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26233MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233CVE-2024-26228 - Windows Cryptographic Services Security Feature Bypass VulnerabilityProduct: Microsoft Windows Cryptographic ServicesCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26228MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228CVE-2024-26229 - Windows CSC Service Elevation of Privilege VulnerabilityProduct: Windows CSC ServiceCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26229MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229CVE-2024-26235 & CVE-2024-26236 - Windo…

Product: Microsoft DHCP Server Service

CVSS Score: 7.2 - 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26195

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26202

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26212

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26215

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26195

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26202

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26212

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26215

Product: Microsoft Message Queuing (MSMQ)

CVSS Scores: 7.2 - 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26208

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26232

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26208

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26232

Product: Microsoft WDAC OLE DB Provider

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26210

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26244

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26210

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26244

Product: Microsoft SQL Server ODBC Driver

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26214

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26214

Product: Microsoft Windows File Server

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26216

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26216

Product: Microsoft HTTP.sys

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26219

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26219

Product: Windows DNS Server

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26221

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26222

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26223

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26224

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26227

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26221

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26222

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26223

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26224

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26227

Product: Microsoft Windows DNS Server

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26231

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26233

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26231

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26233

Product: Microsoft Windows Cryptographic Services

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26228

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228

Product: Windows CSC Service

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26229

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26229

Product: Microsoft Windows Update Stack

CVSS Score: 7.0 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26235

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26236

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26235

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26236

Product: Microsoft Windows Defender

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26237

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26237

Product: Microsoft Windows Telephony Server

CVSS Scores: 7.0 - 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26230

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26239

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26242

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26230

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26239

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26242

Product: Microsoft Win32k

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26241

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26241

Product: Windows USB Print Driver

CVSS Score: 7.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26243

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26243

Product: Microsoft Windows SMB

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26245

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26245

Product: Microsoft Windows Kerberos

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26248

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26248

Product: Microsoft Virtual Machine Bus (VMBus)

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26254

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26254

Product: libarchive

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26256

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256

Product: Microsoft Excel

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26257

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257

Product: Microsoft Brokering File System

CVSS Scores: 7.0.- 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26213

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28904

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28905

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28907

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26213

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28904

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28905

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28907

Product: Microsoft ODBC Driver for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28929

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28930

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28931

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28932

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28933

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28934

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28935

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28936

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28937

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28938

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28941

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28943

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29043

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043

Product: Microsoft OLE DB Driver for SQL Server

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28939

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28940

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28942

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28944

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28945

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29044

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29045

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29046

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29047

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29048

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048

Product: Microsoft Windows Remote Access Connection Manager

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26211

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211

Product: Microsoft Windows Cryptographic Services

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29050

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29050

Product: Microsoft Windows Storage

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29052

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29052

Product: Azure AI Search

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29063

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29063

Product: Microsoft Windows Distributed File System (DFS)

CVSS Score: 7.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29066

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29066

Product: Microsoft SmartScreen Prompt

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29988

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988

Product: Microsoft Azure Monitor Agent

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29989

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989

Product: Microsoft Azure CycleCloud

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29993

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29993

Product: Lenovo Windows 7 and 8

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23593

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-23593